[Freeipa-users] (no subject)
Jimmy
g17jimmy at gmail.com
Wed Mar 14 18:10:40 UTC 2012
I changed the system date and it's functional now. I ran the command `
certutil -L -d /etc/httpd/alias -n Server-Cert` and see the expired
cert. Looking at `ipa-getcert list` I see this--
Request ID '20110913154233':
status: CA_UNREACHABLE
ca-error: Server failed request, will retry: 4301 (RPC failed
at server. Certificate operation cannot be completed: Unable to
communicate with CMS (Not Found)).
stuck: yes
key pair storage:
type=NSSDB,location='/etc/dirsrv/slapd-XXXXX',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/dirsrv/slapdXXXXX//pwdfile.txt'
certificate:
type=NSSDB,location='/etc/dirsrv/slapd-XXXXX',nickname='Server-Cert',token='NSS
Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=XXXXX
subject: CN=csp-idm.pdh.csp,O=XXXXX
expires: 2012-03-11 15:42:32 UTC
eku: id-kp-serverAuth
track: yes
auto-renew: yes
It says "CA_UNREACHABLE", but ipactl status shows the CA running. Any
ideas on why this is occurring?
On Wed, Mar 14, 2012 at 1:35 PM, Jimmy <g17jimmy at gmail.com> wrote:
> My IPA server just stopped working with this error. I'm looking in to
> it, but if anyone knows what the issue is right off I'd appreciate any
> pointers you have.
>
> (when trying to do service ipa start)
> Starting dirsrv:
> PDH-CSP...[14/Mar/2012:17:24:34 +0000] - SSL alert:
> CERT_VerifyCertificateNow: verify certificate failed for cert
> Server-Cert of family cn=RSA,cn=encryption,cn=config (Netscape
> Portable Runtime error -8181 - Peer's Certificate has expired.)
> [ OK ]
> PKI-IPA...[14/Mar/2012:17:24:36 +0000] - SSL alert:
> CERT_VerifyCertificateNow: verify certificate failed for cert
> Server-Cert of family cn=RSA,cn=encryption,cn=config (Netscape
> Portable Runtime error -8181 - Peer's Certificate has expired.)
> [ OK ]
>
>
> I'm running on Fedora15, running IPA -- freeipa-server-2.1.1-1.fc15.x86_64.
> Thanks.
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list