Jim Richard wrote:
> Honestly I’m not even sure if something is not working correctly :)
> All I know is that my httpd, access and krb5 logs are filling up all my
> disk space extremely quickly and I have no idea why.
> Centos 6.8 + IPA 3.0
> One master and one replica.
> Are these things related? 
> How do I fix, where do I even start?
> Thanks !
> On the replica the httpd log is constantly getting spammed with:
> [Thu Nov 24 05:55:18 2016] [error] ipa: INFO:
> host/phoenix-153.nym1.placeiq....@placeiq.net:
> cert_request(u’actual cert removed….. , add=True): ACIError
> and on the master the access log is filling up quickly with:
> - - [24/Nov/2016:06:09:54 +0000] "POST
> /ca/agent/ca/displayBySerial HTTP/1.1" 200 10106

Looks like certmonger trying to renew the per-client SSL certificate.
You can confirm by pulling out the CSR and poking at it with openssl req.

On the client you can try running: ipa-getcert list

This may show more details on why the request was rejected.


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to