Re: [Freeipa-users] I think I lost my CA...

2017-05-18 Thread Bret Wortman
Oops, the slapd messages are arriving every 60s, not 5m. On 05/18/2017 08:56 AM, Bret Wortman wrote: httpd_error seems to give the most information. When I try to use ipa cert-show: ipa: INFO: [jsonserver_kerb] ad...@damascusgrp.com: ping(): SUCCESS (111)Connection refused: AH00957: AJP: at

Re: [Freeipa-users] I think I lost my CA...

2017-05-18 Thread Bret Wortman
httpd_error seems to give the most information. When I try to use ipa cert-show: ipa: INFO: [jsonserver_kerb] ad...@damascusgrp.com: ping(): SUCCESS (111)Connection refused: AH00957: AJP: attempt to connect to 127.0.0.1:8009 (localhost) failed AH00959: ap_proxy_connect_backend disabling worker

Re: [Freeipa-users] I think I lost my CA...

2017-05-18 Thread Bret Wortman
On 04/26/2017 06:02 PM, Rob Crittenden wrote: Bret Wortman wrote: So I can see my certs using cert-find, but can't get details using cert-show or add new ones using cert-request. # ipa cert-find : -- Number of entries returned 385 ---

Re: [Freeipa-users] I think I lost my CA...

2017-05-10 Thread Bret Wortman
The log slog continues but isn't turning up anything useful, or I'm looking in the wrong logs. Now getting twice-daily visits from users who need new SSL certs wondering when I'm going to be able to create them. I'm happy to do the work to figure out what went wrong, I just don't grok these in

Re: [Freeipa-users] I think I lost my CA...

2017-05-04 Thread Petr Vobornik
On 04/28/2017 02:57 PM, Bret Wortman wrote: Flo, I did find that issue and made those corrections to our /etc/hosts file, but the problem persists. Thanks for the idea! After the change did you restart pki? Bret On 04/27/2017 03:42 AM, Florence Blanc-Renaud wrote: On 04/26/2017 04:33

Re: [Freeipa-users] I think I lost my CA...

2017-05-02 Thread Bret Wortman
The closest I found was this: [02/May/2017:14:33:57][localhost-startStop-1]: No rule can be found for publishing: cacert [02/May/2017:14:33:37][localhost-startStop-1]: published ca cert [02/May/2017:14:33:37][localhost-startStop-1]: CMSEngine: ca startup done On 05/02/2017 10:50 AM, Bret Wort

Re: [Freeipa-users] I think I lost my CA...

2017-05-02 Thread Bret Wortman
I plowed through /var/log/pki/pki-tomcat/ca/debug, but nothing jumps out as looking like an error. The cert-show failure is troubling, but my inability to get CSRs turned into certs is what's actually driving this. Bret On 04/26/2017 06:02 PM, Rob Crittenden wrote: Bret Wortman wrote: So

Re: [Freeipa-users] I think I lost my CA...

2017-04-28 Thread Bret Wortman
Flo, I did find that issue and made those corrections to our /etc/hosts file, but the problem persists. Thanks for the idea! Bret On 04/27/2017 03:42 AM, Florence Blanc-Renaud wrote: On 04/26/2017 04:33 PM, Bret Wortman wrote: So I can see my certs using cert-find, but can't get details

Re: [Freeipa-users] I think I lost my CA...

2017-04-27 Thread Florence Blanc-Renaud
On 04/26/2017 04:33 PM, Bret Wortman wrote: So I can see my certs using cert-find, but can't get details using cert-show or add new ones using cert-request. # ipa cert-find : -- Number of entries returned 385 -- # ip

Re: [Freeipa-users] I think I lost my CA...

2017-04-26 Thread Rob Crittenden
Bret Wortman wrote:
> So I can see my certs using cert-find, but can't get details using
> cert-show or add new ones using cert-request.
>
> # ipa cert-find
> :
> --
> Number of entries returned 385
> --
> # ipa cert-s

Re: [Freeipa-users] I think I lost my CA...

2017-04-26 Thread Bret Wortman
On 04/26/2017 10:22 AM, Rob Crittenden wrote: Bret Wortman wrote: Digging still deeper: # ipa cert-request f.f --principal=HTTP/`hostname`@DAMASCUSGRP.COM ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (503) Looks like this is an HTTP err

Re: [Freeipa-users] I think I lost my CA...

2017-04-26 Thread Bret Wortman
So I can see my certs using cert-find, but can't get details using cert-show or add new ones using cert-request. # ipa cert-find : -- Number of entries returned 385 -- # ipa cert-show 895 ipa: ERROR: Certificate operati

Re: [Freeipa-users] I think I lost my CA...

2017-04-26 Thread Rob Crittenden
Bret Wortman wrote:
> Digging still deeper:
>
> # ipa cert-request f.f --principal=HTTP/`hostname`@DAMASCUSGRP.COM
> ipa: ERROR: Certificate operation cannot be completed: Unable to
> communicate with CMS (503)
>
> Looks like this is an HTTP error; so is it possible that my IPA thinks

Re: [Freeipa-users] I think I lost my CA...

2017-04-26 Thread Bret Wortman
Digging still deeper: # ipa cert-request f.f --principal=HTTP/`hostname`@DAMASCUSGRP.COM ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (503) Looks like this is an HTTP error; so is it possible that my IPA thinks it has a CA but there's no CMS ava

Re: [Freeipa-users] I think I lost my CA...

2017-04-26 Thread Bret Wortman
Using the Firefox debugger, I get these errors when trying to pop up the New Certificate dialog: Empty string passed to getElementById(). (5) jquery.js:4:1060 TypeError: u is undefined app.js:1:362059 Empty string passed to getElementById(). (5) jquery.js

Re: [Freeipa-users] I think I lost my CA...

2017-04-26 Thread Bret Wortman
Good news. One of my servers _does_ have CA installed. So why does "Action -> New Certificate" not do anything on this or any other server? Bret On 04/25/2017 02:52 PM, Bret Wortman wrote: I recently had to upgrade all my Fedora IPA servers to C7. It went well, and we've been up and runnin

[Freeipa-users] I think I lost my CA...

2017-04-25 Thread Bret Wortman
I recently had to upgrade all my Fedora IPA servers to C7. It went well, and we've been up and running nicely on 4.4.0 on C7 for the past month or so. Today, someone came and asked me to generate a new certificate for their web server. All was good until I went to the IPA UI and tried to perfo