[Freeipa-users] Certificate error when modifying/deleting a host

Sigbjorn Lie sigbjorn at nixtra.com
Tue Sep 27 19:54:33 UTC 2011


On 09/27/2011 12:34 AM, Dmitri Pal wrote:
> On 09/25/2011 05:49 PM, Sigbjorn Lie wrote:
>>
>> Hi,
>>
>> I have a host that refuses to be modified or deleted. I get the same 
>> error from the webui and the cli. I am using F15, FreeIPA 2.1.1 + all 
>> updates from the updates repository. I cannot find any error in any 
>> log. I have tried to reboot my ipa servers. All services seem to be 
>> running and have no issues.
>>
>> The error message I receive is:
>>
>>     * Certificate operation cannot be completed: Unable to
>>       communicate with CMS (Not Found)
>>
>>
>> I have looked in the Dogtag Certificate Manager, and I can see the 
>> certificate. It's still valid, and holds the same serial number as 
>> what is displayed using ipa host-show <hostname>.
>>
>> Any suggestions?
>>
>>
>
> Can you please send the sanitized apache logs?
>


These are the apache log lines that correspond to # ipa host-disable 
<hostname>, and # ipa cert-show <serialno>. I have no config files in my 
/etc/httpd/conf.d/ directory that contain any reference to the /ca 
directory. Also /var/www/html/ca does not exist.

I notice that the freeipa-server-2.1.1-1.fc15.x86_64 rpm lists a file 
/etc/httpd/conf.d/ipa-pki-proxy.conf. However this file does not exist 
on any of my 3 IPA servers.

Should that file contain an alias and proxy rules for /ca/ ?


error_log:
[Tue Sep 27 21:44:01 2011] [error] ipa: INFO: admin at IX.TEST.COM: ping(): 
SUCCESS
[Tue Sep 27 21:44:02 2011] [error] ipa: INFO: sslget 
'https://ipasrv01.ix.TEST.com:443/ca/agent/ca/displayBySerial'
[Tue Sep 27 21:44:02 2011] [error] [client 192.168.210.20] File does not 
exist: /var/www/html/ca
[Tue Sep 27 21:44:02 2011] [error] ipa: INFO: admin at IX.TEST.COM: 
host_disable(u'bck01.ix.TEST.com'): CertificateOperationError
[Tue Sep 27 21:44:08 2011] [error] ipa: INFO: admin at IX.TEST.COM: ping(): 
SUCCESS
[Tue Sep 27 21:44:09 2011] [error] ipa: INFO: sslget 
'https://ipasrv01.ix.TEST.com:443/ca/agent/ca/displayBySerial'
[Tue Sep 27 21:44:09 2011] [error] [client 192.168.210.20] File does not 
exist: /var/www/html/ca
[Tue Sep 27 21:44:09 2011] [error] ipa: INFO: admin at IX.TEST.COM: 
cert_show(u'268369923'): CertificateOperationError

access_log:
192.168.210.20 - admin at IX.TEST.COM [27/Sep/2011:21:44:00 +0200] "POST 
/ipa/xml HTTP/1.1" 200 259
192.168.210.20 - - [27/Sep/2011:21:44:02 +0200] "POST 
/ca/agent/ca/displayBySerial HTTP/1.1" 404 314
192.168.210.20 - admin at IX.TEST.COM [27/Sep/2011:21:44:01 +0200] "POST 
/ipa/xml HTTP/1.1" 200 360
192.168.210.20 - admin at IX.TEST.COM [27/Sep/2011:21:44:07 +0200] "POST 
/ipa/xml HTTP/1.1" 200 259
192.168.210.20 - - [27/Sep/2011:21:44:09 +0200] "POST 
/ca/agent/ca/displayBySerial HTTP/1.1" 404 314
192.168.210.20 - admin at IX.TEST.COM [27/Sep/2011:21:44:08 +0200] "POST 
/ipa/xml HTTP/1.1" 200 360
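
The three observations in this message (404 responses for /ca/ in the access log, no conf.d file referring to /ca, and a packaged config file absent from disk) can be checked with the shell functions below. This is an added example, not part of the original post or of FreeIPA; the function names and the optional root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and the root-prefix argument are assumptions.

# Count access_log requests under URL prefix $1 that Apache answered with 404,
# i.e. requests served from the DocumentRoot instead of being proxied.
count_404_under() {
    awk -v p="$1" '
        { n = split($0, q, "\"") }
        n >= 3 {
            split(q[2], req, " ")    # method, path, protocol
            split(q[3], rest, " ")   # status, size
            if (index(req[2], p) == 1 && rest[1] == "404") c++
        }
        END { print c + 0 }'
}

# Print the *.conf files in directory $1 that mention URL prefix $2, if any.
conf_files_mentioning() {
    [ -d "$1" ] || return 0
    grep -l -F -- "$2" "$1"/*.conf 2>/dev/null || true
}

# Read a package manifest on stdin (one absolute path per line, for example
# the output of `rpm -ql freeipa-server`) and print each path under directory
# $1 that is absent on disk. $2 is an optional filesystem root, for testing.
missing_packaged_files() {
    dir=${1%/}
    root=${2:-}
    while IFS= read -r path; do
        case $path in
            "$dir"/*) [ -e "$root$path" ] || printf '%s\n' "$path" ;;
        esac
    done
}

# Demo on constructed access_log lines (one request per line); prints 1.
count_404_under /ca/ <<'EOF'
192.168.210.20 - admin [27/Sep/2011:21:44:01 +0200] "POST /ipa/xml HTTP/1.1" 200 360
192.168.210.20 - - [27/Sep/2011:21:44:02 +0200] "POST /ca/agent/ca/displayBySerial HTTP/1.1" 404 314
EOF
```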

