[Freeipa-users] ipa-replica-prepare Certificate issuance failed
Chris Evich
cevich at redhat.com
Sun May 6 00:01:14 UTC 2012
On 05/04/2012 04:17 PM, Chris Evich wrote:
> I'm stumped. Where to look next?
Did some poking around (n/b I haven't used cert system much/at all
before) and found this:
[root@<replica> conf.d]# ipa-getcert list -r
Number of certificates and requests being tracked: 1.
Request ID '20120504213228':
status: CA_UNREACHABLE
ca-error: Server failed request, will retry: 4301 (RPC failed at
server. Certificate operation cannot be completed: FAILURE (Profile
caIPAserviceCert Not Found)).
stuck: yes
key pair storage: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA
Machine Certificate - <replica fqdn>',token='NSS Certificate DB'
certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine
Certificate - <replica fqdn>'
CA: IPA
issuer:
subject:
expires: unknown
command:
track: yes
auto-renew: yes
That makes me think maybe there's just a missing service principal or
something I can add? I'll see if I can remove that request and try
running ipa-replica-prepare again to see if it still gives that error
(systems have been restarted since then). Though any other
suggestions/ideas of what I can try or look at are much appreciated.
Thanks.
More information about the Freeipa-users
mailing list