<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US>Hello everyone,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>I’m new here and have problem with IPA Server<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>our single IPA Server all Certificate was expired.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Autorenewal not worked, so I read the docu <a href="http://www.freeipa.org/page/IPA_2x_Certificate_Renewal">http://www.freeipa.org/page/IPA_2x_Certificate_Renewal</a> and do manually<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>my server is centos 6.4 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> [root@be-ipasrv ~]# rpm -qa | grep ipa<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ipa-client-3.0.0-26.el6_4.4.x86_64<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ipa-server-3.0.0-26.el6_4.4.x86_64<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>python-iniparse-0.3.1-2.1.el6.noarch<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ipa-python-3.0.0-26.el6_4.4.x86_64<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>libipa_hbac-1.9.2-82.7.el6_4.x86_64<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>libipa_hbac-python-1.9.2-82.7.el6_4.x86_64<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ipa-pki-common-theme-9.0.3-7.el6.noarch<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ipa-admintools-3.0.0-26.el6_4.4.x86_64<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ipa-pki-ca-theme-9.0.3-7.el6.noarch<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ipa-server-selinux-3.0.0-26.el6_4.4.x86_64<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>I change the Domain name to EXAMPLE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>The 5 CAs: dogtag-ipa-renew-agent get new certificate and has status MONITORING.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Only the last 3 CA: IPA (dirv-slapd-PKI-IPA, dirv-slapd-EXAMPLE, /etc/httpd/alias) not renew, hab Status CA_UNREACHABLE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Number of certificates and requests being tracked: 8.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Request ID '20130528090810':<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> status: MONITORING<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> stuck: no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='379816045864'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> CA: dogtag-ipa-renew-agent<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> issuer: CN=Certificate Authority,O= EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> subject: CN=CA Audit,O= EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> expires: 2017-04-29 08:14:24 UTC<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "auditSigningCert cert-pki-ca"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> track: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> auto-renew: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Request ID '20130528090811':<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> status: MONITORING<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> stuck: no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin='379816045864'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> CA: dogtag-ipa-renew-agent<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> issuer: CN=Certificate Authority,O= EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> subject: CN=OCSP Subsystem,O= EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> expires: 2017-04-29 08:13:24 UTC<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> eku: id-kp-OCSPSigning<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "ocspSigningCert cert-pki-ca"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> track: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> auto-renew: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Request ID '20130528090812':<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> status: MONITORING<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> stuck: no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin='379816045864'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> CA: dogtag-ipa-renew-agent<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> issuer: CN=Certificate Authority,O= EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> subject: CN=CA Subsystem,O= EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> expires: 2017-04-29 08:13:24 UTC<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> eku: id-kp-serverAuth,id-kp-clientAuth<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "subsystemCert cert-pki-ca"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> track: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> auto-renew: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Request ID '20130528090813':<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> status: MONITORING<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> stuck: no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> CA: dogtag-ipa-renew-agent<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> issuer: CN=Certificate Authority,O= EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> subject: CN=IPA RA,O= EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> expires: 2017-04-29 08:13:24 UTC<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> eku: id-kp-serverAuth,id-kp-clientAuth<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> pre-save command:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> track: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> auto-renew: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Request ID '20130528090814':<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> status: MONITORING<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> stuck: no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin='379816045864'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> CA: dogtag-ipa-renew-agent<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> issuer: CN=Certificate Authority,O= EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> subject: CN= EXAMPLE.de,O= EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> expires: 2017-04-29 08:13:24 UTC<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> eku: id-kp-serverAuth,id-kp-clientAuth<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> pre-save command:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> post-save command:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> track: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> auto-renew: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Request ID '20130528090822':<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> status: CA_UNREACHABLE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> ca-error: Server failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: Unable to communicate with CMS (Internal Server Error)).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> stuck: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> key pair storage: type=NSSDB,location='/etc/dirsrv/slapd- EXAMPLE -DE',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd- EXAMPLE -DE/pwdfile.txt'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> certificate: type=NSSDB,location='/etc/dirsrv/slapd- EXAMPLE -DE',nickname='Server-Cert',token='NSS Certificate DB'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> CA: IPA<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> issuer: CN=Certificate Authority,O= EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> subject: CN=example.de,O= EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> expires: 2015-05-29 09:08:22 UTC<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> eku: id-kp-serverAuth,id-kp-clientAuth<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> pre-save command:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv EXAMPLE -DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> track: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> auto-renew: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Request ID '20130528090849':<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> status: CA_UNREACHABLE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> ca-error: Server failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: Unable to communicate with CMS (Internal Server Error)).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> stuck: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA/pwdfile.txt'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> certificate: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> CA: IPA<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> issuer: CN=Certificate Authority,O= EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> subject: CN=example.de,O= EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> expires: 2015-05-29 09:08:49 UTC<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> eku: id-kp-serverAuth,id-kp-clientAuth<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> pre-save command:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv PKI-IPA<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> track: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> auto-renew: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Request ID '20130528090923':<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> status: CA_UNREACHABLE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> ca-error: Server failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: Unable to communicate with CMS (Internal Server Error)).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> stuck: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> CA: IPA<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> issuer: CN=Certificate Authority,O= EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> subject: CN=example.de,O= EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> expires: 2015-05-29 09:09:23 UTC<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> eku: id-kp-serverAuth,id-kp-clientAuth<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> pre-save command:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> post-save command: /usr/lib64/ipa/certmonger/restart_httpd<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> track: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> auto-renew: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>later I update the os to centos 6.6 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>[root@be-ipasrv]# rpm -qa | grep ipa<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>sssd-ipa-1.11.6-30.el6_6.4.x86_64<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ipa-admintools-3.0.0-42.el6.centos.x86_64<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ipa-python-3.0.0-42.el6.centos.x86_64<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>python-iniparse-0.3.1-2.1.el6.noarch<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>libipa_hbac-python-1.11.6-30.el6_6.4.x86_64<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ipa-pki-common-theme-9.0.3-7.el6.noarch<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ipa-server-3.0.0-42.el6.centos.x86_64<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ipa-client-3.0.0-42.el6.centos.x86_64<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ipa-server-selinux-3.0.0-42.el6.centos.x86_64<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>libipa_hbac-1.11.6-30.el6_6.4.x86_64<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>ipa-pki-ca-theme-9.0.3-7.el6.noarch<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>i get same status of the last 3. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Request ID '20130528090822':<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> status: CA_UNREACHABLE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> ca-error: Server at <a href="https://be-ipasrv.tibet.traffics-switch.de/ipa/xml">https://example.de/ipa/xml</a> failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: Failure decoding Certificate Signing Request).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> stuck: no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-DE',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-EXAMPLE-DE/pwdfile.txt'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> certificate: type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-DE',nickname='Server-Cert',token='NSS Certificate DB'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> CA: IPA<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> issuer: CN=Certificate Authority,O=EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> subject: CN=example.de,O=EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> expires: 2015-05-29 09:08:22 UTC<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> eku: id-kp-serverAuth,id-kp-clientAuth<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> pre-save command:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> post-save command:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> track: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> auto-renew: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Request ID '20130528090849':<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> status: CA_UNREACHABLE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> ca-error: Server at <a href="https://be-ipasrv.tibet.traffics-switch.de/ipa/xml">https://example.de/ipa/xml</a> failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: Failure decoding Certificate Signing Request).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> stuck: no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA/pwdfile.txt'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> certificate: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> CA: IPA<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> issuer: CN=Certificate Authority,O=EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> subject: CN=example.de,O=EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> expires: 2015-05-29 09:08:49 UTC<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> eku: id-kp-serverAuth,id-kp-clientAuth<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> pre-save command:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> post-save command:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> track: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> auto-renew: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Request ID '20130528090923':<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> status: CA_UNREACHABLE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> ca-error: Server at <a href="https://be-ipasrv.tibet.traffics-switch.de/ipa/xml">https://example.de/ipa/xml</a> failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: Failure decoding Certificate Signing Request).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> stuck: no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> CA: IPA<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> issuer: CN=Certificate Authority,O=EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> subject: CN=example.de,O=EXAMPLE.DE<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> expires: 2015-05-29 09:09:23 UTC<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> eku: id-kp-serverAuth,id-kp-clientAuth<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> pre-save command:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> post-save command:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> track: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> auto-renew: yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>i read all the post on redhat archive and goolge. I cannot find a solution.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Anybody know the issue?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Best Regards<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Jian<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>