<html><head></head><body><div style="color:#000; background-color:#fff; font-family:verdana, helvetica, sans-serif;font-size:24px"><div id="yui_3_16_0_ym19_1_1469042370452_24542">dear <br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1469042370452_24544">thanks, but would you please check below and let me know what is your idea?I checked your command but it did not work.</div><div id="yui_3_16_0_ym19_1_1469042370452_24565" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1469042370452_24567" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1469042370452_24541"><br></div><div id="yui_3_16_0_ym19_1_1469042370452_24539" dir="ltr">Number of certificates and requests being tracked: 8.<br id="yui_3_16_0_ym19_1_1469042370452_24474">Request ID '20140817123525':<br id="yui_3_16_0_ym19_1_1469042370452_24475">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469042370452_24476">        ca-error: Unable to determine principal name for signing request.<br id="yui_3_16_0_ym19_1_1469042370452_24477">        stuck: no<br id="yui_3_16_0_ym19_1_1469042370452_24478">        key paCOM storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469042370452_24479">        certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469042370452_24480">        CA: IPA<br id="yui_3_16_0_ym19_1_1469042370452_24481">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469042370452_24482">        subject: CN=IPA RA,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469042370452_24483">        expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469042370452_24484">        eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469042370452_24485">        pre-save command:<br id="yui_3_16_0_ym19_1_1469042370452_24486">        post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert<br id="yui_3_16_0_ym19_1_1469042370452_24487">        track: yes<br id="yui_3_16_0_ym19_1_1469042370452_24488">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469042370452_24489">Request ID '20140817123534':<br id="yui_3_16_0_ym19_1_1469042370452_24490">        status: CA_UNREACHABLE<br id="yui_3_16_0_ym19_1_1469042370452_24491">        ca-error: Server failed request, will retry: 4301 (RPC failed at server.  Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)).<br id="yui_3_16_0_ym19_1_1469042370452_24492">        stuck: yes<br id="yui_3_16_0_ym19_1_1469042370452_24493">        key paCOM storage: type=NSSDB,location='/etc/dCOMsrv/slapd-EXAMPLE.-COM',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dCOMsrv/slapd-EXAMPLE.-COM/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469042370452_24494">        certificate: type=NSSDB,location='/etc/dCOMsrv/slapd-EXAMPLE.-COM',nickname='Server-Cert',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469042370452_24495">        CA: IPA<br id="yui_3_16_0_ym19_1_1469042370452_24496">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469042370452_24497">        subject: CN=ipatestsrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469042370452_24498">        expCOMes: 2016-08-17 12:35:34 UTC<br id="yui_3_16_0_ym19_1_1469042370452_24499">        eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469042370452_24500">        pre-save command:<br id="yui_3_16_0_ym19_1_1469042370452_24501">        post-save command: /usr/lib64/ipa/certmonger/restart_dCOMsrv EXAMPLE.-COM<br id="yui_3_16_0_ym19_1_1469042370452_24502">        track: yes<br id="yui_3_16_0_ym19_1_1469042370452_24503">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469042370452_24504">Request ID '20140817123602':<br id="yui_3_16_0_ym19_1_1469042370452_24505">        status: CA_UNREACHABLE<br id="yui_3_16_0_ym19_1_1469042370452_24506">        ca-error: Server failed request, will retry: 4301 (RPC failed at server.  Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)).<br id="yui_3_16_0_ym19_1_1469042370452_24507">        stuck: yes<br id="yui_3_16_0_ym19_1_1469042370452_24508">        key paCOM storage: type=NSSDB,location='/etc/dCOMsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dCOMsrv/slapd-PKI-IPA/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469042370452_24509">        certificate: type=NSSDB,location='/etc/dCOMsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469042370452_24510">        CA: IPA<br id="yui_3_16_0_ym19_1_1469042370452_24511">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469042370452_24512">        subject: CN=ipatestsrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469042370452_24513">        expCOMes: 2016-08-17 12:36:02 UTC<br id="yui_3_16_0_ym19_1_1469042370452_24514">        eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469042370452_24515">        pre-save command:<br id="yui_3_16_0_ym19_1_1469042370452_24516">        post-save command: /usr/lib64/ipa/certmonger/restart_dCOMsrv PKI-IPA<br id="yui_3_16_0_ym19_1_1469042370452_24517">        track: yes<br id="yui_3_16_0_ym19_1_1469042370452_24518">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469042370452_24519">Request ID '20140817123752':<br id="yui_3_16_0_ym19_1_1469042370452_24520">        status: CA_UNREACHABLE<br id="yui_3_16_0_ym19_1_1469042370452_24521">        ca-error: Server failed request, will retry: 4301 (RPC failed at server.  Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)).<br id="yui_3_16_0_ym19_1_1469042370452_24522">        stuck: yes<br id="yui_3_16_0_ym19_1_1469042370452_24523">        key paCOM storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469042370452_24524">        certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469042370452_24525">        CA: IPA<br id="yui_3_16_0_ym19_1_1469042370452_24526">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469042370452_24527">        subject: CN=ipatestsrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469042370452_24528">        expCOMes: 2016-08-17 12:37:51 UTC<br id="yui_3_16_0_ym19_1_1469042370452_24529">        eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469042370452_24530">        pre-save command:<br id="yui_3_16_0_ym19_1_1469042370452_24531">        post-save command: /usr/lib64/ipa/certmonger/restart_httpd<br id="yui_3_16_0_ym19_1_1469042370452_24532">        track: yes<br id="yui_3_16_0_ym19_1_1469042370452_24533">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469042370452_24534">You have new mail in /var/spool/mail/root<br></div><div><span></span></div><div class="qtdSeparateBR"><br><br></div><div style="display: block;" class="yahoo_quoted">  <div style="font-family: verdana, helvetica, sans-serif; font-size: 24px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"> <font face="Arial" size="2"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Florence Blanc-Renaud <flo@redhat.com><br> <b><span style="font-weight: bold;">To:</span></b> mohammad sereshki <mohammadsereshki@yahoo.com>; Freeipa-users <freeipa-users@redhat.com> <br> <b><span style="font-weight: bold;">Sent:</span></b> Thursday, July 21, 2016 11:30 AM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [Freeipa-users] regenerate certificate<br> </font> </div> <div class="y_msg_container"><br>On 07/20/2016 10:04 PM, mohammad sereshki wrote:<br clear="none">> hi<br clear="none">> I check my IPA server which is version ipa-server-3.0.0-25 , command<br clear="none">> "ipa-get-cert list" show, my certificate will be expired in next 20 days,<br clear="none">> I do not know how to regenerate them<br clear="none">> but command "getcert list" shows epirtion certificates are related just<br clear="none">> to "CA:IPA" and certificate " CA: dogtag-ipa-renew-agent" ,  has enough<br clear="none">> time .<br clear="none">> would you please help me to know how to regenerate CA:IPA certificates?<br clear="none">><br clear="none">> Best Regards<br clear="none">><br clear="none">><br clear="none">><br clear="none"><br clear="none">Hi Mohammad,<br clear="none"><br clear="none">the certificates issued by IPA CA are normally tracked by certmonger and <br clear="none">automatically renewed when they are near their expiration date. To make <br clear="none">sure that your certificates are tracked, you can issue<div class="yqt0157115984" id="yqtfd29169"><br clear="none">$ ipa-getcert list</div><br clear="none">and check the "status:" field for each certificate. It should display <br clear="none">"MONITORING".<br clear="none"><br clear="none">If you want to manually renew them, you must note their request ID and <br clear="none">use the command<br clear="none">$ ipa-getcert resubmit -i $REQUEST_ID<br clear="none"><br clear="none">Hope this helps,<br clear="none">Flo.<div class="yqt0157115984" id="yqtfd96957"><br clear="none"></div><br><br></div> </div> </div>  </div></div></body></html>