[Freeipa-users] ipa-client-install (Invalid Request) - no Host-Certificate
Rob Crittenden
rcritten at redhat.com
Thu Oct 16 14:41:12 UTC 2014
Christof Schulze wrote:
> Hello all,
>
> i am running a FreeIPA server on CentOS for 2 years now with mostly
> Ubuntu 12.04 and some Fedora 20 clients.
>
> Since one week (or more) it is not possible any more to install new
> clients (whether ubuntu nor fedora). The Host gets created on the
> IPA-server but it can not create/exchange a Host-Certificate.
>
> The only thing happened (except regular updates) was a complete
> certificate renewal with no obvious problems some weeks ago.
>
> Web-interface and certmonger show the same error.
>
> ipa-getcert list on the new Hosts:
> status: CA_UNREACHABLE
> ca-error: Server failed request, will retry: 4301 (RPC failed at
> server. Certificate operation cannot be completed: FAILURE (Invalid
> Request)).
> stuck: yes
Given the timeline I'd guess that your CA subsystem certificates have
expired.
On the IPA master run: getcert list (not ipa-getcert)
This will show the current status of things.
What version of IPA is this?
rob
More information about the Freeipa-users
mailing list