Re: [Freeipa-users] Certificate system unavailable [solved]

2014-08-14 Thread Lucas Yamanishi
On 08/07/2014 05:27 PM, Lucas Yamanishi wrote: On 08/07/2014 04:48 PM, Rob Crittenden wrote: Lucas Yamanishi wrote: On 08/07/2014 01:25 PM, Rob Crittenden wrote: Lucas Yamanishi wrote: Hello, I'm a bit of a pickle with the PKI system. I have three replicas, but only one contains the CA. I

Re: [Freeipa-users] Certificate system unavailable

2014-08-07 Thread Rob Crittenden
Lucas Yamanishi wrote: Hello, I'm a bit of a pickle with the PKI system. I have three replicas, but only one contains the CA. I realize how poor a decision it was to do that. I plan to create more complete replicas, but right now I can't even create a replica file, much less a full replica.

Re: [Freeipa-users] Certificate system unavailable

2014-08-07 Thread Lucas Yamanishi
On 08/07/2014 01:25 PM, Rob Crittenden wrote: Lucas Yamanishi wrote: Hello, I'm a bit of a pickle with the PKI system. I have three replicas, but only one contains the CA. I realize how poor a decision it was to do that. I plan to create more complete replicas, but right now I can't even

Re: [Freeipa-users] Certificate system unavailable

2014-08-07 Thread Rob Crittenden
Lucas Yamanishi wrote: On 08/07/2014 01:25 PM, Rob Crittenden wrote: Lucas Yamanishi wrote: Hello, I'm a bit of a pickle with the PKI system. I have three replicas, but only one contains the CA. I realize how poor a decision it was to do that. I plan to create more complete replicas, but

Re: [Freeipa-users] Certificate system unavailable

2014-08-07 Thread Lucas Yamanishi
On 08/07/2014 04:48 PM, Rob Crittenden wrote: Lucas Yamanishi wrote: On 08/07/2014 01:25 PM, Rob Crittenden wrote: Lucas Yamanishi wrote: Hello, I'm a bit of a pickle with the PKI system. I have three replicas, but only one contains the CA. I realize how poor a decision it was to do that.

Re: [Freeipa-users] Certificate system unavailable

2014-02-20 Thread Sigbjorn Lie
On Wed, February 19, 2014 13:45, Sigbjorn Lie wrote: On Tue, February 18, 2014 20:45, Rob Crittenden wrote: Sigbjorn Lie wrote: On what machine are you trying to use the ipa tool? Is it one of the masters, all of them, enrolled clients? It's the same error message when the ipa

Re: [Freeipa-users] Certificate system unavailable

2014-02-20 Thread Rob Crittenden
Sigbjorn Lie wrote: On Wed, February 19, 2014 13:45, Sigbjorn Lie wrote: On Tue, February 18, 2014 20:45, Rob Crittenden wrote: Sigbjorn Lie wrote: On what machine are you trying to use the ipa tool? Is it one of the masters, all of them, enrolled clients? It's the same error

Re: [Freeipa-users] Certificate system unavailable

2014-02-20 Thread Sigbjorn Lie
On 20/02/14 21:19, Rob Crittenden wrote: Sigbjorn Lie wrote: On Wed, February 19, 2014 13:45, Sigbjorn Lie wrote: On Tue, February 18, 2014 20:45, Rob Crittenden wrote: Sigbjorn Lie wrote: On what machine are you trying to use the ipa tool? Is it one of the masters, all of them,

Re: [Freeipa-users] Certificate system unavailable

2014-02-20 Thread Rob Crittenden
Sigbjorn Lie wrote: On 20/02/14 21:19, Rob Crittenden wrote: Sigbjorn Lie wrote: On Wed, February 19, 2014 13:45, Sigbjorn Lie wrote: On Tue, February 18, 2014 20:45, Rob Crittenden wrote: Sigbjorn Lie wrote: On what machine are you trying to use the ipa tool? Is it one of the

Re: [Freeipa-users] Certificate system unavailable

2014-02-20 Thread Sigbjorn Lie
On 20/02/14 21:38, Rob Crittenden wrote: Sigbjorn Lie wrote: On 20/02/14 21:19, Rob Crittenden wrote: Sigbjorn Lie wrote: On Wed, February 19, 2014 13:45, Sigbjorn Lie wrote: On Tue, February 18, 2014 20:45, Rob Crittenden wrote: Sigbjorn Lie wrote: On what machine are you trying

Re: [Freeipa-users] Certificate system unavailable

2014-02-20 Thread Rob Crittenden
Sigbjorn Lie wrote: On 20/02/14 21:38, Rob Crittenden wrote: I am surprised too. I dumped the PKI CA certificate from /etc/pki/nssdb before and after I updated it into text files, and diff'ed them. No differences was reported. I can't think of a reason it would be using the sqlite database

Re: [Freeipa-users] Certificate system unavailable

2014-02-20 Thread Sigbjorn Lie
On 20/02/14 23:08, Rob Crittenden wrote: Sigbjorn Lie wrote: On 20/02/14 21:38, Rob Crittenden wrote: I am surprised too. I dumped the PKI CA certificate from /etc/pki/nssdb before and after I updated it into text files, and diff'ed them. No differences was reported. I can't think of a

Re: [Freeipa-users] Certificate system unavailable

2014-02-18 Thread Sigbjorn Lie
On Mon, February 17, 2014 17:59, Rob Crittenden wrote: Sigbjorn Lie wrote: On Mon, February 17, 2014 16:34, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 17:18, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 15:29, Rob

Re: [Freeipa-users] Certificate system unavailable

2014-02-18 Thread Rob Crittenden
Sigbjorn Lie wrote: On what machine are you trying to use the ipa tool? Is it one of the masters, all of them, enrolled clients? It's the same error message when the ipa command is run directly on any of the masters. And it's the same error message if I run the ipa command on any of the

Re: [Freeipa-users] Certificate system unavailable

2014-02-17 Thread Sigbjorn Lie
On Fri, February 14, 2014 17:18, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 15:29, Rob Crittenden wrote: Sigbjorn Lie wrote: It would seem like we're still encountering some issues. The date has now passed for when the old certificate expired, and the

Re: [Freeipa-users] Certificate system unavailable

2014-02-17 Thread Sigbjorn Lie
On Mon, February 17, 2014 16:34, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 17:18, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 15:29, Rob Crittenden wrote: Sigbjorn Lie wrote: It would seem like we're still encountering

Re: [Freeipa-users] Certificate system unavailable

2014-02-17 Thread Sigbjorn Lie
On Mon, February 17, 2014 16:34, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 17:18, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 15:29, Rob Crittenden wrote: Sigbjorn Lie wrote: It would seem like we're still encountering

Re: [Freeipa-users] Certificate system unavailable

2014-02-17 Thread Sigbjorn Lie
On Mon, February 17, 2014 16:34, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 17:18, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 15:29, Rob Crittenden wrote: Sigbjorn Lie wrote: It would seem like we're still encountering

Re: [Freeipa-users] Certificate system unavailable

2014-02-17 Thread Rob Crittenden
Sigbjorn Lie wrote: On Mon, February 17, 2014 16:34, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 17:18, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, February 14, 2014 15:29, Rob Crittenden wrote: Sigbjorn Lie wrote: It would seem like we're

Re: [Freeipa-users] Certificate system unavailable

2014-02-14 Thread Sigbjorn Lie
On Fri, January 31, 2014 20:32, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, January 17, 2014 16:37, Rob Crittenden wrote: Sigbjorn Lie wrote: This worked better than expected. Thank you! :) ipa01 and ipa02 seem to be happy again, getcert list no longer displays any

Re: [Freeipa-users] Certificate system unavailable

2014-02-14 Thread Rob Crittenden
Sigbjorn Lie wrote: It would seem like we're still encountering some issues. The date has now passed for when the old certificate expired, and the ipa cli command no longer works. The webui is still working just fine. These are the errors I receive. $ ipa user-find ipa: ERROR: cert

Re: [Freeipa-users] Certificate system unavailable

2014-02-14 Thread Sigbjorn Lie
On Fri, February 14, 2014 15:29, Rob Crittenden wrote: Sigbjorn Lie wrote: It would seem like we're still encountering some issues. The date has now passed for when the old certificate expired, and the ipa cli command no longer works. The webui is still working just fine. These are

Re: [Freeipa-users] Certificate system unavailable

2014-02-14 Thread Rob Crittenden
Sigbjorn Lie wrote: On Fri, February 14, 2014 15:29, Rob Crittenden wrote: Sigbjorn Lie wrote: It would seem like we're still encountering some issues. The date has now passed for when the old certificate expired, and the ipa cli command no longer works. The webui is still working just

Re: [Freeipa-users] Certificate system unavailable

2014-02-03 Thread Martin Kosek
On 01/31/2014 08:32 PM, Rob Crittenden wrote: Sigbjorn Lie wrote: On Fri, January 17, 2014 16:37, Rob Crittenden wrote: Sigbjorn Lie wrote: This worked better than expected. Thank you! :) ipa01 and ipa02 seem to be happy again, getcert list no longer displays any certificates out of

Re: [Freeipa-users] Certificate system unavailable

2014-01-31 Thread Sigbjorn Lie
On Fri, January 17, 2014 16:37, Rob Crittenden wrote: Sigbjorn Lie wrote: This worked better than expected. Thank you! :) ipa01 and ipa02 seem to be happy again, getcert list no longer displays any certificates out of date, and all certificates in need of renewal within 28 days has

Re: [Freeipa-users] Certificate system unavailable

2014-01-31 Thread Dmitri Pal
On 01/31/2014 10:00 AM, Sigbjorn Lie wrote: On Fri, January 17, 2014 16:37, Rob Crittenden wrote: Sigbjorn Lie wrote: This worked better than expected. Thank you! :) ipa01 and ipa02 seem to be happy again, getcert list no longer displays any certificates out of date, and all

Re: [Freeipa-users] Certificate system unavailable

2014-01-31 Thread Sigbjorn Lie
Sure thing! I'll send them to you in private. Regards Siggi Dmitri Pal d...@redhat.com wrote: On 01/31/2014 10:00 AM, Sigbjorn Lie wrote: On Fri, January 17, 2014 16:37, Rob Crittenden wrote: Sigbjorn Lie wrote: This worked better than expected. Thank you! :) ipa01 and ipa02 seem to be

Re: [Freeipa-users] Certificate system unavailable

2014-01-31 Thread Rob Crittenden
Sigbjorn Lie wrote: On Fri, January 17, 2014 16:37, Rob Crittenden wrote: Sigbjorn Lie wrote: This worked better than expected. Thank you! :) ipa01 and ipa02 seem to be happy again, getcert list no longer displays any certificates out of date, and all certificates in need of renewal

Re: [Freeipa-users] Certificate system unavailable

2014-01-17 Thread Rob Crittenden
Sigbjorn Lie wrote: This worked better than expected. Thank you! :) ipa01 and ipa02 seem to be happy again, getcert list no longer displays any certificates out of date, and all certificates in need of renewal within 28 days has been renewed. The webui also started working again and things

Re: [Freeipa-users] Certificate system unavailable

2014-01-13 Thread Rob Crittenden
Sigbjorn Lie wrote: Hi, I seem to have issues with the certificate system on my IPA installation. Looking up hosts in the IPA WEBUI on any of the IPA servers says Certificate format error: [Errno -8015] error (-8015) unknown. I also notice that hosts says the certificate system is

Re: [Freeipa-users] Certificate system unavailable

2014-01-13 Thread Sigbjorn Lie
On Mon, January 13, 2014 15:58, Rob Crittenden wrote: Sigbjorn Lie wrote: Hi, I seem to have issues with the certificate system on my IPA installation. Looking up hosts in the IPA WEBUI on any of the IPA servers says Certificate format error: [Errno -8015] error (-8015) unknown.

Re: [Freeipa-users] Certificate system unavailable

2014-01-13 Thread Rob Crittenden
Sigbjorn Lie wrote: On Mon, January 13, 2014 15:58, Rob Crittenden wrote: Sigbjorn Lie wrote: Hi, I seem to have issues with the certificate system on my IPA installation. Looking up hosts in the IPA WEBUI on any of the IPA servers says Certificate format error: [Errno -8015] error

Re: [Freeipa-users] Certificate system unavailable

2014-01-13 Thread Sigbjorn Lie
On Mon, January 13, 2014 16:34, Rob Crittenden wrote: Sigbjorn Lie wrote: On Mon, January 13, 2014 15:58, Rob Crittenden wrote: Sigbjorn Lie wrote: Hi, I seem to have issues with the certificate system on my IPA installation. Looking up hosts in the IPA WEBUI on any of the IPA

Re: [Freeipa-users] Certificate system unavailable

2014-01-13 Thread Sigbjorn Lie
Hi, Thank you for your prompt reply Rob. On Mon, January 13, 2014 15:58, Rob Crittenden wrote: Sigbjorn Lie wrote: Hi, I seem to have issues with the certificate system on my IPA installation. Looking up hosts in the IPA WEBUI on any of the IPA servers says Certificate format error:

Re: [Freeipa-users] Certificate system unavailable

2014-01-13 Thread Sigbjorn Lie
On Mon, January 13, 2014 16:17, Rob Crittenden wrote: Sigbjorn Lie wrote: Hi, Thank you for your prompt reply Rob. On Mon, January 13, 2014 15:58, Rob Crittenden wrote: Sigbjorn Lie wrote: Hi, I seem to have issues with the certificate system on my IPA installation. Looking

Re: [Freeipa-users] Certificate system unavailable

2014-01-13 Thread Nalin Dahyabhai
On Mon, Jan 13, 2014 at 04:07:16PM +0100, Sigbjorn Lie wrote: After I restarted dirsrv, pki-cad and then the httpd on ipa01 the status of the request is now: Request ID '20120119194518': status: CA_UNREACHABLE ca-error: Server failed request, will retry: 907 (RPC failed at

Re: [Freeipa-users] Certificate system unavailable

2014-01-13 Thread Sigbjorn Lie
On 13/01/14 19:13, Nalin Dahyabhai wrote: On Mon, Jan 13, 2014 at 04:07:16PM +0100, Sigbjorn Lie wrote: After I restarted dirsrv, pki-cad and then the httpd on ipa01 the status of the request is now: Request ID '20120119194518': status: CA_UNREACHABLE ca-error: Server failed

Re: [Freeipa-users] Certificate system unavailable

2014-01-13 Thread Rob Crittenden
Sigbjorn Lie wrote: On Mon, January 13, 2014 16:34, Rob Crittenden wrote: Sigbjorn Lie wrote: On Mon, January 13, 2014 15:58, Rob Crittenden wrote: Sigbjorn Lie wrote: Hi, I seem to have issues with the certificate system on my IPA installation. Looking up hosts in the IPA

Re: [Freeipa-users] Certificate system unavailable

2014-01-13 Thread Sigbjorn Lie
On 13/01/14 19:37, Rob Crittenden wrote: Sigbjorn Lie wrote: On Mon, January 13, 2014 16:34, Rob Crittenden wrote: Sigbjorn Lie wrote: On Mon, January 13, 2014 15:58, Rob Crittenden wrote: Sigbjorn Lie wrote: Hi, I seem to have issues with the certificate system on my IPA