Hallo,
Unfortunately I don't know when this problem occurred first, but it may
have occurred after an update.
The httpd does not start and aborts with the error
[:info] [pid 15383] Using nickname Server-Cert.
[...] [:error] [pid 15383] Certificate not found: 'Server-Cert'
when I want to start FreeIPA via "systemctl start ipa" or "ipactl start"
or "systemctl start httpd"
If I turn the NSSEngine off it starts of cause.
In contrast to this message "ipa-getcert list -d /etc/httpd/alias/ -n
Server-Cert" does find a certificate, if I get the output [1] right.
ipa-server-upgrade also complained about the HTTPD not starting, so I
tried to run it with "NSSEnigne off" which made the upgrade run through,
but did not fix the problem with the HTTPd
My System:
(After running "ipa-server-upgrade" with out any failures, but with
"NSSEngine off")
# ipa --version
VERSION: 4.4.4, API_VERSION: 2.215
on Fedora Server 26
CA-Server at main IPA-Server (which is failing now)
/etc/hosts has got the fqdn in the first line
and DNS is not installed.
[1] # ipa-getcert list -d /etc/httpd/alias/ -n Server-Cert
Number of certificates and requests being tracked: 8.
Request ID '20160718102648':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=EXAMPLE.COM
subject: CN=ipa_server.example.com,O=EXAMPLE.COM
expires: 2018-03-24 14:33:00 CET
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/libexec/ipa/certmonger/restart_httpd
track: yes
auto-renew: yes
Many thanks in advance,
Julian
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org