I just realized that I sent the reply directly to Rob and not to the list. My response is inline
*Mike Plemmons | Senior DevOps Engineer | CROSSCHX* 614.427.2411 mike.plemm...@crosschx.com www.crosschx.com On Thu, May 4, 2017 at 9:39 AM, Michael Plemmons < michael.plemm...@crosschx.com> wrote: > > > > > > *Mike Plemmons | Senior DevOps Engineer | CROSSCHX* > 614.427.2411 > mike.plemm...@crosschx.com > www.crosschx.com > > On Thu, May 4, 2017 at 9:24 AM, Rob Crittenden <rcrit...@redhat.com> > wrote: > >> Michael Plemmons wrote: >> > I realized that I was not very clear in my statement about testing with >> > ldapsearch. I had initially run it without logging in with a DN. I was >> > just running the local ldapsearch -x command. I then tested on >> > ipa12.mgmt and ipa11.mgmt logging in with a full DN for the admin and >> > "cn=Directory Manager" from ipa12.mgmt (broken server) and ipa11.mgmt >> > and both ldapsearch command succeeded. >> > >> > I ran the following from ipa12.mgmt and ipa11.mgmt as a non root user. >> > I also ran the command showing a line count for the output and the line >> > counts for each were the same when run from ipa12.mgmt and ipa11.mgmt. >> > >> > ldapsearch -LLL -h ipa12.mgmt.crosschx.com >> > <http://ipa12.mgmt.crosschx.com> -D "DN" -w PASSWORD -b >> > "cn=users,cn=accounts,dc=mgmt,dc=crosschx,dc=com" dn >> > >> > ldapsearch -LLL -h ipa12.mgmt.crosschx.com >> > <http://ipa12.mgmt.crosschx.com> -D "cn=directory manager" -w PASSWORD >> dn >> >> The CA has its own suffix and replication agreements. Given the auth >> error and recent (5 months) renewal of CA credentials I'd check that the >> CA agent authentication entries are correct. >> >> Against each master with a CA run: >> >> $ ldapsearch -LLL -x -D 'cn=directory manager' -W -b >> uid=ipara,ou=people,o=ipaca description >> >> The format is 2;serial#,subject,issuer >> >> Then on each run: >> >> # certutil -L -d /etc/httpd/alias -n ipaCert |grep Serial >> >> The serial # should match that in the description everywhere. >> >> rob >> >> > > On the CA (IPA13.MGMT) I ran the ldapsearch command and see that the > serial number is 7. I then ran the certutil command on all three servers > and the serial number is 7 as well. > > > I also ran the ldapsearch command against the other two servers and they > also showed a serial number of 7. > > > > >> > >> > >> > >> > >> > *Mike Plemmons | Senior DevOps Engineer | CROSSCHX >> > * >> > 614.427.2411 >> > mike.plemm...@crosschx.com <mailto:mike.plemm...@crosschx.com> >> > www.crosschx.com <http://www.crosschx.com/> >> > >> > On Wed, May 3, 2017 at 5:28 PM, Michael Plemmons >> > <michael.plemm...@crosschx.com <mailto:michael.plemm...@crosschx.com>> >> > wrote: >> > >> > I have a three node IPA cluster. >> > >> > ipa11.mgmt - was a master over 6 months ago >> > ipa13.mgmt - current master >> > ipa12.mgmt >> > >> > ipa13 has agreements with ipa11 and ipa12. ipa11 and ipa12 do not >> > have agreements between each other. >> > >> > It appears that either ipa12.mgmt lost some level of its replication >> > agreement with ipa13. I saw some level because users / hosts were >> > replicated between all systems but we started seeing DNS was not >> > resolving properly from ipa12. I do not know when this started. >> > >> > When looking at replication agreements on ipa12 I did not see any >> > agreement with ipa13. >> > >> > When I run ipa-replica-manage list all three hosts show has master. >> > >> > When I run ipa-replica-manage ipa11.mgmt I see ipa13.mgmt is a >> replica. >> > >> > When I run ipa-replica-manage ipa12.mgmt nothing returned. >> > >> > I ran ipa-replica-manage connect --cacert=/etc/ipa/ca.crt >> > ipa12.mgmt.crosschx.com <http://ipa12.mgmt.crosschx.com> >> > ipa13.mgmt.crosschx.com <http://ipa13.mgmt.crosschx.com> on >> ipa12.mgmt >> > >> > I then ran the following >> > >> > ipa-replica-manage force-sync --from ipa13.mgmt.crosschx.com >> > <http://ipa13.mgmt.crosschx.com> >> > >> > ipa-replica-manage re-initialize --from ipa13.mgmt.crosschx.com >> > <http://ipa13.mgmt.crosschx.com> >> > >> > I was still seeing bad DNS returns when dig'ing against ipa12.mgmt. >> > I was able to create user and DNS records and see the information >> > replicated properly across all three nodes. >> > >> > I then ran ipactl stop on ipa12.mgmt and then ipactl start on >> > ipa12.mgmt because I wanted to make sure everything was running >> > fresh after the changes above. While IPA was staring up (DNS >> > started) we were able to see valid DNS queries returned but >> > pki-tomcat would not start. >> > >> > I am not sure what I need to do in order to get this working. I >> > have included the output of certutil and getcert below from all >> > three servers as well as the debug output for pki. >> > >> > >> > While the IPA system is coming up I am able to successfully run >> > ldapsearch -x as the root user and see results. I am also able to >> > login with the "cn=Directory Manager" account and see results. >> > >> > >> > The debug log shows the following error. >> > >> > >> > [03/May/2017:21:22:01][localhost-startStop-1]: >> > ============================================ >> > [03/May/2017:21:22:01][localhost-startStop-1]: ===== DEBUG >> > SUBSYSTEM INITIALIZED ======= >> > [03/May/2017:21:22:01][localhost-startStop-1]: >> > ============================================ >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: restart >> at >> > autoShutdown? false >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: >> > autoShutdown crumb file path? >> > /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: about to >> > look for cert for auto-shutdown support:auditSigningCert cert-pki-ca >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: found >> > cert:auditSigningCert cert-pki-ca >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: done init >> > id=debug >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: >> > initialized debug >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: >> > initSubsystem id=log >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: ready to >> > init id=log >> > [03/May/2017:21:22:01][localhost-startStop-1]: Creating >> > RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/signedAudit/ >> ca_audit) >> > [03/May/2017:21:22:01][localhost-startStop-1]: Creating >> > RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/system) >> > [03/May/2017:21:22:01][localhost-startStop-1]: Creating >> > RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/transactions) >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: restart >> at >> > autoShutdown? false >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: >> > autoShutdown crumb file path? >> > /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: about to >> > look for cert for auto-shutdown support:auditSigningCert cert-pki-ca >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: found >> > cert:auditSigningCert cert-pki-ca >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: done init >> > id=log >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: >> > initialized log >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: >> > initSubsystem id=jss >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: ready to >> > init id=jss >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: restart >> at >> > autoShutdown? false >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: >> > autoShutdown crumb file path? >> > /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: about to >> > look for cert for auto-shutdown support:auditSigningCert cert-pki-ca >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: found >> > cert:auditSigningCert cert-pki-ca >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: done init >> > id=jss >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: >> > initialized jss >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: >> > initSubsystem id=dbs >> > [03/May/2017:21:22:01][localhost-startStop-1]: CMSEngine: ready to >> > init id=dbs >> > [03/May/2017:21:22:01][localhost-startStop-1]: DBSubsystem: init() >> > mEnableSerialMgmt=true >> > [03/May/2017:21:22:01][localhost-startStop-1]: Creating >> > LdapBoundConnFactor(DBSubsystem) >> > [03/May/2017:21:22:01][localhost-startStop-1]: >> LdapBoundConnFactory: >> > init >> > [03/May/2017:21:22:01][localhost-startStop-1]: >> > LdapBoundConnFactory:doCloning true >> > [03/May/2017:21:22:01][localhost-startStop-1]: LdapAuthInfo: init() >> > [03/May/2017:21:22:01][localhost-startStop-1]: LdapAuthInfo: init >> begins >> > [03/May/2017:21:22:01][localhost-startStop-1]: LdapAuthInfo: init >> ends >> > [03/May/2017:21:22:01][localhost-startStop-1]: init: before >> > makeConnection errorIfDown is true >> > [03/May/2017:21:22:01][localhost-startStop-1]: makeConnection: >> > errorIfDown true >> > [03/May/2017:21:22:02][localhost-startStop-1]: >> > SSLClientCertificateSelectionCB: Setting desired cert nickname to: >> > subsystemCert cert-pki-ca >> > [03/May/2017:21:22:02][localhost-startStop-1]: LdapJssSSLSocket: >> set >> > client auth cert nickname subsystemCert cert-pki-ca >> > [03/May/2017:21:22:02][localhost-startStop-1]: >> > SSLClientCertificatSelectionCB: Entering! >> > [03/May/2017:21:22:02][localhost-startStop-1]: >> > SSLClientCertificateSelectionCB: returning: null >> > [03/May/2017:21:22:02][localhost-startStop-1]: SSL handshake >> happened >> > Could not connect to LDAP server host ipa12.mgmt.crosschx.com >> > <http://ipa12.mgmt.crosschx.com> port 636 Error >> > netscape.ldap.LDAPException: Authentication failed (48) >> > at >> > com.netscape.cmscore.ldapconn.LdapBoundConnFactory. >> makeConnection(LdapBoundConnFactory.java:205) >> > at >> > com.netscape.cmscore.ldapconn.LdapBoundConnFactory. >> init(LdapBoundConnFactory.java:166) >> > at >> > com.netscape.cmscore.ldapconn.LdapBoundConnFactory. >> init(LdapBoundConnFactory.java:130) >> > at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java: >> 654) >> > at >> > com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine >> .java:1169) >> > at >> > com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngin >> e.java:1075) >> > at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:571) >> > at com.netscape.certsrv.apps.CMS.init(CMS.java:187) >> > at com.netscape.certsrv.apps.CMS.start(CMS.java:1616) >> > at >> > com.netscape.cms.servlet.base.CMSStartServlet.init(CMSS >> tartServlet.java:114) >> > at javax.servlet.GenericServlet.init(GenericServlet.java:158) >> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> > at >> > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcc >> essorImpl.java:62) >> > at >> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingM >> ethodAccessorImpl.java:43) >> > at java.lang.reflect.Method.invoke(Method.java:498) >> > at >> > org.apache.catalina.security.SecurityUtil$1.run(SecurityUti >> l.java:288) >> > at >> > org.apache.catalina.security.SecurityUtil$1.run(SecurityUti >> l.java:285) >> > at java.security.AccessController.doPrivileged(Native Method) >> > at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) >> > at >> > org.apache.catalina.security.SecurityUtil.execute(SecurityU >> til.java:320) >> > at >> > org.apache.catalina.security.SecurityUtil.doAsPrivilege(Sec >> urityUtil.java:175) >> > at >> > org.apache.catalina.security.SecurityUtil.doAsPrivilege(Sec >> urityUtil.java:124) >> > at >> > org.apache.catalina.core.StandardWrapper.initServlet(Standa >> rdWrapper.java:1270) >> > at >> > org.apache.catalina.core.StandardWrapper.loadServlet(Standa >> rdWrapper.java:1195) >> > at >> > org.apache.catalina.core.StandardWrapper.load(StandardWrapp >> er.java:1085) >> > at >> > org.apache.catalina.core.StandardContext.loadOnStartup(Stan >> dardContext.java:5318) >> > at >> > org.apache.catalina.core.StandardContext.startInternal(Stan >> dardContext.java:5610) >> > at >> > org.apache.catalina.util.LifecycleBase.start(LifecycleBase. >> java:147) >> > at >> > org.apache.catalina.core.ContainerBase.addChildInternal(Con >> tainerBase.java:899) >> > at >> > org.apache.catalina.core.ContainerBase.access$000(Container >> Base.java:133) >> > at >> > org.apache.catalina.core.ContainerBase$PrivilegedAddChild. >> run(ContainerBase.java:156) >> > at >> > org.apache.catalina.core.ContainerBase$PrivilegedAddChild. >> run(ContainerBase.java:145) >> > at java.security.AccessController.doPrivileged(Native Method) >> > at >> > org.apache.catalina.core.ContainerBase.addChild(ContainerBa >> se.java:873) >> > at >> > org.apache.catalina.core.StandardHost.addChild(StandardHost >> .java:652) >> > at >> > org.apache.catalina.startup.HostConfig.deployDescriptor(Hos >> tConfig.java:679) >> > at >> > org.apache.catalina.startup.HostConfig$DeployDescriptor.run >> (HostConfig.java:1966) >> > at >> > java.util.concurrent.Executors$RunnableAdapter.call( >> Executors.java:511) >> > at java.util.concurrent.FutureTask.run(FutureTask.java:266) >> > at >> > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoo >> lExecutor.java:1142) >> > at >> > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPo >> olExecutor.java:617) >> > at java.lang.Thread.run(Thread.java:745) >> > Internal Database Error encountered: Could not connect to LDAP >> > server host ipa12.mgmt.crosschx.com <http://ipa12.mgmt.crosschx.com >> > >> > port 636 Error netscape.ldap.LDAPException: Authentication failed >> (48) >> > at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java: >> 676) >> > at >> > com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine >> .java:1169) >> > at >> > com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngin >> e.java:1075) >> > at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:571) >> > at com.netscape.certsrv.apps.CMS.init(CMS.java:187) >> > at com.netscape.certsrv.apps.CMS.start(CMS.java:1616) >> > at >> > com.netscape.cms.servlet.base.CMSStartServlet.init(CMSS >> tartServlet.java:114) >> > at javax.servlet.GenericServlet.init(GenericServlet.java:158) >> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> > at >> > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcc >> essorImpl.java:62) >> > at >> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingM >> ethodAccessorImpl.java:43) >> > at java.lang.reflect.Method.invoke(Method.java:498) >> > at >> > org.apache.catalina.security.SecurityUtil$1.run(SecurityUti >> l.java:288) >> > at >> > org.apache.catalina.security.SecurityUtil$1.run(SecurityUti >> l.java:285) >> > at java.security.AccessController.doPrivileged(Native Method) >> > at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) >> > at >> > org.apache.catalina.security.SecurityUtil.execute(SecurityU >> til.java:320) >> > at >> > org.apache.catalina.security.SecurityUtil.doAsPrivilege(Sec >> urityUtil.java:175) >> > at >> > org.apache.catalina.security.SecurityUtil.doAsPrivilege(Sec >> urityUtil.java:124) >> > at >> > org.apache.catalina.core.StandardWrapper.initServlet(Standa >> rdWrapper.java:1270) >> > at >> > org.apache.catalina.core.StandardWrapper.loadServlet(Standa >> rdWrapper.java:1195) >> > at >> > org.apache.catalina.core.StandardWrapper.load(StandardWrapp >> er.java:1085) >> > at >> > org.apache.catalina.core.StandardContext.loadOnStartup(Stan >> dardContext.java:5318) >> > at >> > org.apache.catalina.core.StandardContext.startInternal(Stan >> dardContext.java:5610) >> > at >> > org.apache.catalina.util.LifecycleBase.start(LifecycleBase. >> java:147) >> > at >> > org.apache.catalina.core.ContainerBase.addChildInternal(Con >> tainerBase.java:899) >> > at >> > org.apache.catalina.core.ContainerBase.access$000(Container >> Base.java:133) >> > at >> > org.apache.catalina.core.ContainerBase$PrivilegedAddChild. >> run(ContainerBase.java:156) >> > at >> > org.apache.catalina.core.ContainerBase$PrivilegedAddChild. >> run(ContainerBase.java:145) >> > at java.security.AccessController.doPrivileged(Native Method) >> > at >> > org.apache.catalina.core.ContainerBase.addChild(ContainerBa >> se.java:873) >> > at >> > org.apache.catalina.core.StandardHost.addChild(StandardHost >> .java:652) >> > at >> > org.apache.catalina.startup.HostConfig.deployDescriptor(Hos >> tConfig.java:679) >> > at >> > org.apache.catalina.startup.HostConfig$DeployDescriptor.run >> (HostConfig.java:1966) >> > at >> > java.util.concurrent.Executors$RunnableAdapter.call( >> Executors.java:511) >> > at java.util.concurrent.FutureTask.run(FutureTask.java:266) >> > at >> > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoo >> lExecutor.java:1142) >> > at >> > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPo >> olExecutor.java:617) >> > at java.lang.Thread.run(Thread.java:745) >> > [03/May/2017:21:22:02][localhost-startStop-1]: CMSEngine.shutdown() >> > >> > >> > ============================= >> > >> > >> > IPA11.MGMT >> > >> > (root)>certutil -L -d /etc/dirsrv/slapd-MGMT-CROSSCHX-COM/ >> > Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Server-Cert >> > u,u,u MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> IPA CA CT,C,C >> > (root)>certutil -L -d /var/lib/pki/pki-tomcat/alias/ Certificate >> > Nickname Trust Attributes SSL,S/MIME,JAR/XPI caSigningCert >> > cert-pki-ca CTu,Cu,Cu auditSigningCert cert-pki-ca u,u,Pu >> > ocspSigningCert cert-pki-ca u,u,u subsystemCert cert-pki-ca u,u,u >> > Server-Cert cert-pki-ca u,u,u IPA13.MGMT (root)>certutil -L -d >> > /etc/dirsrv/slapd-MGMT-CROSSCHX-COM/ Certificate Nickname Trust >> > Attributes SSL,S/MIME,JAR/XPI Server-Cert u,u,u MGMT.CROSSCHX.COM >> > <http://MGMT.CROSSCHX.COM> IPA CA CT,C,C (root)>certutil -L -d >> > /var/lib/pki/pki-tomcat/alias/ Certificate Nickname Trust >> Attributes >> > SSL,S/MIME,JAR/XPI caSigningCert cert-pki-ca CTu,Cu,Cu >> > auditSigningCert cert-pki-ca u,u,Pu ocspSigningCert cert-pki-ca >> > u,u,u subsystemCert cert-pki-ca u,u,u Server-Cert cert-pki-ca u,u,u >> > IPA12.MGMT (root)>certutil -L -d >> > /etc/dirsrv/slapd-MGMT-CROSSCHX-COM/ Certificate Nickname Trust >> > Attributes SSL,S/MIME,JAR/XPI Server-Cert u,u,u MGMT.CROSSCHX.COM >> > <http://MGMT.CROSSCHX.COM> IPA CA C,, (root)>certutil -L -d >> > /var/lib/pki/pki-tomcat/alias/ Certificate Nickname Trust >> Attributes >> > SSL,S/MIME,JAR/XPI caSigningCert cert-pki-ca CTu,Cu,Cu >> > auditSigningCert cert-pki-ca u,u,Pu ocspSigningCert cert-pki-ca >> > u,u,u subsystemCert cert-pki-ca u,u,u Server-Cert cert-pki-ca u,u,u >> > ================================================= IPA11.MGMT >> > (root)>getcert list Number of certificates and requests being >> > tracked: 8. Request ID '20161229155314': status: MONITORING stuck: >> > no key pair storage: >> > type=NSSDB,location='/etc/dirsrv/slapd-MGMT-CROSSCHX-COM', >> nickname='Server-Cert',token='NSS >> > Certificate >> > DB',pinfile='/etc/dirsrv/slapd-MGMT-CROSSCHX-COM/pwdfile.txt' >> > certificate: >> > type=NSSDB,location='/etc/dirsrv/slapd-MGMT-CROSSCHX-COM', >> nickname='Server-Cert',token='NSS >> > Certificate DB' CA: IPA issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=ipa11.mgmt.crosschx.com >> > <http://ipa11.mgmt.crosschx.com>,O=MGMT.CROSSCHX.COM >> > <http://MGMT.CROSSCHX.COM> expires: 2018-12-30 15:52:43 UTC key >> > usage: >> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment >> > eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save >> > command: /usr/libexec/ipa/certmonger/restart_dirsrv >> > MGMT-CROSSCHX-COM track: yes auto-renew: yes Request ID >> > '20161229155652': status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='auditSigningCert >> > cert-pki-ca',token='NSS Certificate DB',pin set certificate: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='auditSigningCert >> > cert-pki-ca',token='NSS Certificate DB' CA: >> > dogtag-ipa-ca-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=CA Audit,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> expires: >> > 2018-11-12 13:00:29 UTC key usage: digitalSignature,nonRepudiation >> > pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad post-save >> > command: /usr/libexec/ipa/certmonger/renew_ca_cert >> "auditSigningCert >> > cert-pki-ca" track: yes auto-renew: yes Request ID '20161229155654': >> > status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='ocspSigningCert >> > cert-pki-ca',token='NSS Certificate DB',pin set certificate: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='ocspSigningCert >> > cert-pki-ca',token='NSS Certificate DB' CA: >> > dogtag-ipa-ca-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=OCSP Subsystem,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> >> > expires: 2018-11-12 13:00:26 UTC key usage: >> > digitalSignature,nonRepudiation,keyCertSign,cRLSign eku: >> > id-kp-OCSPSigning pre-save command: >> > /usr/libexec/ipa/certmonger/stop_pkicad post-save command: >> > /usr/libexec/ipa/certmonger/renew_ca_cert "ocspSigningCert >> > cert-pki-ca" track: yes auto-renew: yes Request ID '20161229155655': >> > status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='subsystemCert >> > cert-pki-ca',token='NSS Certificate DB',pin set certificate: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='subsystemCert >> > cert-pki-ca',token='NSS Certificate DB' CA: >> > dogtag-ipa-ca-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=CA Subsystem,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> >> > expires: 2018-11-12 13:00:28 UTC key usage: >> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment >> > eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: >> > /usr/libexec/ipa/certmonger/stop_pkicad post-save command: >> > /usr/libexec/ipa/certmonger/renew_ca_cert "subsystemCert >> > cert-pki-ca" track: yes auto-renew: yes Request ID '20161229155657': >> > status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='caSigningCert >> > cert-pki-ca',token='NSS Certificate DB',pin set certificate: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='caSigningCert >> > cert-pki-ca',token='NSS Certificate DB' CA: >> > dogtag-ipa-ca-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=Certificate Authority,O=MGMT.CROSSCHX.COM >> > <http://MGMT.CROSSCHX.COM> expires: 2036-11-22 13:00:25 UTC key >> > usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign pre-save >> > command: /usr/libexec/ipa/certmonger/stop_pkicad post-save command: >> > /usr/libexec/ipa/certmonger/renew_ca_cert "caSigningCert >> > cert-pki-ca" track: yes auto-renew: yes Request ID '20161229155659': >> > status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert >> cert-pki-ca',token='NSS >> > Certificate DB',pin set certificate: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert >> cert-pki-ca',token='NSS >> > Certificate DB' CA: dogtag-ipa-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=ipa11.mgmt.crosschx.com >> > <http://ipa11.mgmt.crosschx.com>,O=MGMT.CROSSCHX.COM >> > <http://MGMT.CROSSCHX.COM> expires: 2018-12-19 15:56:20 UTC key >> > usage: >> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment >> > eku: id-kp-serverAuth,id-kp-clientAuth,id-kp-emailProtection >> > pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad post-save >> > command: /usr/libexec/ipa/certmonger/renew_ca_cert "Server-Cert >> > cert-pki-ca" track: yes auto-renew: yes Request ID '20161229155921': >> > status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cer >> t',token='NSS >> > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' certificate: >> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cer >> t',token='NSS >> > Certificate DB' CA: IPA issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=ipa11.mgmt.crosschx.com >> > <http://ipa11.mgmt.crosschx.com>,O=MGMT.CROSSCHX.COM >> > <http://MGMT.CROSSCHX.COM> expires: 2018-12-30 15:52:46 UTC key >> > usage: >> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment >> > eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save >> > command: /usr/libexec/ipa/certmonger/restart_httpd track: yes >> > auto-renew: yes Request ID '20161229160009': status: MONITORING >> > stuck: no key pair storage: >> > type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert', >> token='NSS >> > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' certificate: >> > type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert', >> token='NSS >> > Certificate DB' CA: dogtag-ipa-ca-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=IPA RA,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> expires: >> > 2018-11-12 13:01:34 UTC key usage: >> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment >> > eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: >> > /usr/libexec/ipa/certmonger/renew_ra_cert_pre post-save command: >> > /usr/libexec/ipa/certmonger/renew_ra_cert track: yes auto-renew: >> yes >> > ================================== IPA13.MGMT (root)>getcert list >> > Number of certificates and requests being tracked: 8. Request ID >> > '20161229143449': status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/dirsrv/slapd-MGMT-CROSSCHX-COM', >> nickname='Server-Cert',token='NSS >> > Certificate >> > DB',pinfile='/etc/dirsrv/slapd-MGMT-CROSSCHX-COM/pwdfile.txt' >> > certificate: >> > type=NSSDB,location='/etc/dirsrv/slapd-MGMT-CROSSCHX-COM', >> nickname='Server-Cert',token='NSS >> > Certificate DB' CA: IPA issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=ipa13.mgmt.crosschx.com >> > <http://ipa13.mgmt.crosschx.com>,O=MGMT.CROSSCHX.COM >> > <http://MGMT.CROSSCHX.COM> expires: 2018-12-30 14:34:20 UTC key >> > usage: >> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment >> > eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save >> > command: /usr/libexec/ipa/certmonger/restart_dirsrv >> > MGMT-CROSSCHX-COM track: yes auto-renew: yes Request ID >> > '20161229143826': status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='auditSigningCert >> > cert-pki-ca',token='NSS Certificate DB',pin set certificate: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='auditSigningCert >> > cert-pki-ca',token='NSS Certificate DB' CA: >> > dogtag-ipa-ca-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=CA Audit,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> expires: >> > 2018-11-12 13:00:29 UTC key usage: digitalSignature,nonRepudiation >> > pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad post-save >> > command: /usr/libexec/ipa/certmonger/renew_ca_cert >> "auditSigningCert >> > cert-pki-ca" track: yes auto-renew: yes Request ID '20161229143828': >> > status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='ocspSigningCert >> > cert-pki-ca',token='NSS Certificate DB',pin set certificate: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='ocspSigningCert >> > cert-pki-ca',token='NSS Certificate DB' CA: >> > dogtag-ipa-ca-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=OCSP Subsystem,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> >> > expires: 2018-11-12 13:00:26 UTC key usage: >> > digitalSignature,nonRepudiation,keyCertSign,cRLSign eku: >> > id-kp-OCSPSigning pre-save command: >> > /usr/libexec/ipa/certmonger/stop_pkicad post-save command: >> > /usr/libexec/ipa/certmonger/renew_ca_cert "ocspSigningCert >> > cert-pki-ca" track: yes auto-renew: yes Request ID '20161229143831': >> > status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='subsystemCert >> > cert-pki-ca',token='NSS Certificate DB',pin set certificate: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='subsystemCert >> > cert-pki-ca',token='NSS Certificate DB' CA: >> > dogtag-ipa-ca-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=CA Subsystem,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> >> > expires: 2018-11-12 13:00:28 UTC key usage: >> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment >> > eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: >> > /usr/libexec/ipa/certmonger/stop_pkicad post-save command: >> > /usr/libexec/ipa/certmonger/renew_ca_cert "subsystemCert >> > cert-pki-ca" track: yes auto-renew: yes Request ID '20161229143833': >> > status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='caSigningCert >> > cert-pki-ca',token='NSS Certificate DB',pin set certificate: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='caSigningCert >> > cert-pki-ca',token='NSS Certificate DB' CA: >> > dogtag-ipa-ca-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=Certificate Authority,O=MGMT.CROSSCHX.COM >> > <http://MGMT.CROSSCHX.COM> expires: 2036-11-22 13:00:25 UTC key >> > usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign pre-save >> > command: /usr/libexec/ipa/certmonger/stop_pkicad post-save command: >> > /usr/libexec/ipa/certmonger/renew_ca_cert "caSigningCert >> > cert-pki-ca" track: yes auto-renew: yes Request ID '20161229143835': >> > status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert >> cert-pki-ca',token='NSS >> > Certificate DB',pin set certificate: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert >> cert-pki-ca',token='NSS >> > Certificate DB' CA: dogtag-ipa-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=ipa13.mgmt.crosschx.com >> > <http://ipa13.mgmt.crosschx.com>,O=MGMT.CROSSCHX.COM >> > <http://MGMT.CROSSCHX.COM> expires: 2018-12-19 14:37:54 UTC key >> > usage: >> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment >> > eku: id-kp-serverAuth,id-kp-clientAuth,id-kp-emailProtection >> > pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad post-save >> > command: /usr/libexec/ipa/certmonger/renew_ca_cert "Server-Cert >> > cert-pki-ca" track: yes auto-renew: yes Request ID '20161229144057': >> > status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cer >> t',token='NSS >> > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' certificate: >> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cer >> t',token='NSS >> > Certificate DB' CA: IPA issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=ipa13.mgmt.crosschx.com >> > <http://ipa13.mgmt.crosschx.com>,O=MGMT.CROSSCHX.COM >> > <http://MGMT.CROSSCHX.COM> expires: 2018-12-30 14:34:23 UTC key >> > usage: >> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment >> > eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save >> > command: /usr/libexec/ipa/certmonger/restart_httpd track: yes >> > auto-renew: yes Request ID '20161229144146': status: MONITORING >> > stuck: no key pair storage: >> > type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert', >> token='NSS >> > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' certificate: >> > type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert', >> token='NSS >> > Certificate DB' CA: dogtag-ipa-ca-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=IPA RA,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> expires: >> > 2018-11-12 13:01:34 UTC key usage: >> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment >> > eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: >> > /usr/libexec/ipa/certmonger/renew_ra_cert_pre post-save command: >> > /usr/libexec/ipa/certmonger/renew_ra_cert track: yes auto-renew: >> yes >> > =========================== IPA12.MGMT (root)>getcert list Number of >> > certificates and requests being tracked: 8. Request ID >> > '20161229151518': status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/dirsrv/slapd-MGMT-CROSSCHX-COM', >> nickname='Server-Cert',token='NSS >> > Certificate >> > DB',pinfile='/etc/dirsrv/slapd-MGMT-CROSSCHX-COM/pwdfile.txt' >> > certificate: >> > type=NSSDB,location='/etc/dirsrv/slapd-MGMT-CROSSCHX-COM', >> nickname='Server-Cert',token='NSS >> > Certificate DB' CA: IPA issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=ipa12.mgmt.crosschx.com >> > <http://ipa12.mgmt.crosschx.com>,O=MGMT.CROSSCHX.COM >> > <http://MGMT.CROSSCHX.COM> expires: 2018-12-30 15:14:51 UTC key >> > usage: >> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment >> > eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save >> > command: /usr/libexec/ipa/certmonger/restart_dirsrv >> > MGMT-CROSSCHX-COM track: yes auto-renew: yes Request ID >> > '20161229151850': status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='auditSigningCert >> > cert-pki-ca',token='NSS Certificate DB',pin set certificate: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='auditSigningCert >> > cert-pki-ca',token='NSS Certificate DB' CA: >> > dogtag-ipa-ca-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=CA Audit,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> expires: >> > 2018-11-12 13:00:29 UTC key usage: digitalSignature,nonRepudiation >> > pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad post-save >> > command: /usr/libexec/ipa/certmonger/renew_ca_cert >> "auditSigningCert >> > cert-pki-ca" track: yes auto-renew: yes Request ID '20161229151852': >> > status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='ocspSigningCert >> > cert-pki-ca',token='NSS Certificate DB',pin set certificate: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='ocspSigningCert >> > cert-pki-ca',token='NSS Certificate DB' CA: >> > dogtag-ipa-ca-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=OCSP Subsystem,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> >> > expires: 2018-11-12 13:00:26 UTC key usage: >> > digitalSignature,nonRepudiation,keyCertSign,cRLSign eku: >> > id-kp-OCSPSigning pre-save command: >> > /usr/libexec/ipa/certmonger/stop_pkicad post-save command: >> > /usr/libexec/ipa/certmonger/renew_ca_cert "ocspSigningCert >> > cert-pki-ca" track: yes auto-renew: yes Request ID '20161229151854': >> > status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='subsystemCert >> > cert-pki-ca',token='NSS Certificate DB',pin set certificate: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='subsystemCert >> > cert-pki-ca',token='NSS Certificate DB' CA: >> > dogtag-ipa-ca-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=CA Subsystem,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> >> > expires: 2018-11-12 13:00:28 UTC key usage: >> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment >> > eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: >> > /usr/libexec/ipa/certmonger/stop_pkicad post-save command: >> > /usr/libexec/ipa/certmonger/renew_ca_cert "subsystemCert >> > cert-pki-ca" track: yes auto-renew: yes Request ID '20161229151856': >> > status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='caSigningCert >> > cert-pki-ca',token='NSS Certificate DB',pin set certificate: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias', >> nickname='caSigningCert >> > cert-pki-ca',token='NSS Certificate DB' CA: >> > dogtag-ipa-ca-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=Certificate Authority,O=MGMT.CROSSCHX.COM >> > <http://MGMT.CROSSCHX.COM> expires: 2036-11-22 13:00:25 UTC key >> > usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign pre-save >> > command: /usr/libexec/ipa/certmonger/stop_pkicad post-save command: >> > /usr/libexec/ipa/certmonger/renew_ca_cert "caSigningCert >> > cert-pki-ca" track: yes auto-renew: yes Request ID '20161229151858': >> > status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert >> cert-pki-ca',token='NSS >> > Certificate DB',pin set certificate: >> > type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert >> cert-pki-ca',token='NSS >> > Certificate DB' CA: dogtag-ipa-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=ipa12.mgmt.crosschx.com >> > <http://ipa12.mgmt.crosschx.com>,O=MGMT.CROSSCHX.COM >> > <http://MGMT.CROSSCHX.COM> expires: 2018-12-19 15:18:16 UTC key >> > usage: >> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment >> > eku: id-kp-serverAuth,id-kp-clientAuth,id-kp-emailProtection >> > pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad post-save >> > command: /usr/libexec/ipa/certmonger/renew_ca_cert "Server-Cert >> > cert-pki-ca" track: yes auto-renew: yes Request ID '20161229152115': >> > status: MONITORING stuck: no key pair storage: >> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cer >> t',token='NSS >> > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' certificate: >> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cer >> t',token='NSS >> > Certificate DB' CA: IPA issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=ipa12.mgmt.crosschx.com >> > <http://ipa12.mgmt.crosschx.com>,O=MGMT.CROSSCHX.COM >> > <http://MGMT.CROSSCHX.COM> expires: 2018-12-30 15:14:54 UTC key >> > usage: >> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment >> > eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save >> > command: /usr/libexec/ipa/certmonger/restart_httpd track: yes >> > auto-renew: yes Request ID '20161229152204': status: MONITORING >> > stuck: no key pair storage: >> > type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert', >> token='NSS >> > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' certificate: >> > type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert', >> token='NSS >> > Certificate DB' CA: dogtag-ipa-ca-renew-agent issuer: CN=Certificate >> > Authority,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> subject: >> > CN=IPA RA,O=MGMT.CROSSCHX.COM <http://MGMT.CROSSCHX.COM> expires: >> > 2018-11-12 13:01:34 UTC key usage: >> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment >> > eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: >> > /usr/libexec/ipa/certmonger/renew_ra_cert_pre post-save command: >> > /usr/libexec/ipa/certmonger/renew_ra_cert track: yes auto-renew: >> yes >> > >> > >> > *Mike Plemmons | Senior DevOps Engineer | CROSSCHX >> > * >> > 614.427.2411 >> > mike.plemm...@crosschx.com <mailto:mike.plemm...@crosschx.com> >> > www.crosschx.com <http://www.crosschx.com/> >> > >> > >> > >> > >> >> >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project