<html><head></head><body><div style="color:#000; background-color:#fff; font-family:verdana, helvetica, sans-serif;font-size:24px"><div id="yui_3_16_0_ym19_1_1469171002174_63450"><span>hi</span></div><div id="yui_3_16_0_ym19_1_1469171002174_63454"><span id="yui_3_16_0_ym19_1_1469171002174_63486">ipactl status result:</span></div><div id="yui_3_16_0_ym19_1_1469171002174_63487" dir="ltr"><span id="yui_3_16_0_ym19_1_1469171002174_63489">---------------------------<br id="yui_3_16_0_ym19_1_1469171002174_63479">Directory Service: RUNNING<br id="yui_3_16_0_ym19_1_1469171002174_63480">KDC Service: RUNNING<br id="yui_3_16_0_ym19_1_1469171002174_63481">KPASSWD Service: RUNNING<br id="yui_3_16_0_ym19_1_1469171002174_63482">MEMCACHE Service: RUNNING<br id="yui_3_16_0_ym19_1_1469171002174_63483">HTTP Service: RUNNING<br id="yui_3_16_0_ym19_1_1469171002174_63484">CA Service: RUNNING<br id="yui_3_16_0_ym19_1_1469171002174_63485"></span></div><div id="yui_3_16_0_ym19_1_1469171002174_63490" dir="ltr"><span><br></span></div><div id="yui_3_16_0_ym19_1_1469171002174_63491" dir="ltr"><span id="yui_3_16_0_ym19_1_1469171002174_63535">getcert list result is :</span></div><div id="yui_3_16_0_ym19_1_1469171002174_63541" dir="ltr"><span id="yui_3_16_0_ym19_1_1469171002174_63535">-------------------------</span></div><div id="yui_3_16_0_ym19_1_1469171002174_64235" dir="ltr"><span id="yui_3_16_0_ym19_1_1469171002174_63535">root@ipasrv ~]# getcert list<br id="yui_3_16_0_ym19_1_1469171002174_64004">Number of certificates and requests being tracked: 8.<br id="yui_3_16_0_ym19_1_1469171002174_64005">Request ID '20140817123522':<br id="yui_3_16_0_ym19_1_1469171002174_64006"> status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64007"> stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64008"> key paCOM storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname=' auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'<br id="yui_3_16_0_ym19_1_1469171002174_64009"> certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='audit SigningCert cert-pki-ca',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64010"> CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64011"> issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64012"> subject: CN=CA Audit,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64013"> expCOMes: 2018-06-30 07:57:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64014"> pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad<br id="yui_3_16_0_ym19_1_1469171002174_64015"> post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "auditSigning Cert cert-pki-ca"<br id="yui_3_16_0_ym19_1_1469171002174_64016"> track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64017"> auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64018">Request ID '20140817123523':<br id="yui_3_16_0_ym19_1_1469171002174_64019"> status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64020"> stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64021"> key paCOM storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname=' ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'<br id="yui_3_16_0_ym19_1_1469171002174_64022"> certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspS igningCert cert-pki-ca',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64023"> CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64024"> issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64025"> subject: CN=OCSP Subsystem,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64026"> expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64027"> eku: id-kp-OCSPSigning<br id="yui_3_16_0_ym19_1_1469171002174_64028"> pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad<br id="yui_3_16_0_ym19_1_1469171002174_64029"> post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "ocspSigningC ert cert-pki-ca"<br id="yui_3_16_0_ym19_1_1469171002174_64030"> track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64031"> auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64032">Request ID '20140817123524':<br id="yui_3_16_0_ym19_1_1469171002174_64033"> status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64034"> stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64035"> key paCOM storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname=' subsystemCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'<br id="yui_3_16_0_ym19_1_1469171002174_64036"> certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsy stemCert cert-pki-ca',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64037"> CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64038"> issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64039"> subject: CN=CA Subsystem,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64040"> expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64041"> eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64042"> pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad<br id="yui_3_16_0_ym19_1_1469171002174_64043"> post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "subsystemCer t cert-pki-ca"<br id="yui_3_16_0_ym19_1_1469171002174_64044"> track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64045"> auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64046">Request ID '20140817123525':<br id="yui_3_16_0_ym19_1_1469171002174_64047"> status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64048"> stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64049"> key paCOM storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCe rt',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469171002174_64050"> certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',t oken='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64051"> CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64052"> issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64053"> subject: CN=IPA RA,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64054"> expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64055"> eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64056"> pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64057"> post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert<br id="yui_3_16_0_ym19_1_1469171002174_64058"> track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64059"> auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64060">Request ID '20140817123526':<br id="yui_3_16_0_ym19_1_1469171002174_64061"> status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64062"> stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64063"> key paCOM storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname=' Server-Cert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'<br id="yui_3_16_0_ym19_1_1469171002174_64064"> certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Serve r-Cert cert-pki-ca',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64065"> CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64066"> issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64067"> subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64068"> expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64069"> eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64070"> pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64071"> post-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64072"> track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64073"> auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64074">Request ID '20140817123534':<br id="yui_3_16_0_ym19_1_1469171002174_64075"> status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64076"> ca-error: Error setting up ccache for local "host" service using default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.<br id="yui_3_16_0_ym19_1_1469171002174_64077"> stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64078"> key paCOM storage: type=NSSDB,location='/etc/dCOMsrv/slapd-EXAMPLE-COM' ,nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dCOMsrv/slapd-MT NCOMANCELL-COM/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469171002174_64079"> certificate: type=NSSDB,location='/etc/dCOMsrv/slapd-EXAMPLE-COM',nick name='Server-Cert',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64080"> CA: IPA<br id="yui_3_16_0_ym19_1_1469171002174_64081"> issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64082"> subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64083"> expCOMes: 2016-08-17 12:35:34 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64084"> eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64085"> pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64086"> post-save command: /usr/lib64/ipa/certmonger/restart_dCOMsrv EXAMPLE- COM<br id="yui_3_16_0_ym19_1_1469171002174_64087"> track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64088"> auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64089">Request ID '20140817123602':<br id="yui_3_16_0_ym19_1_1469171002174_64090"> status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64091"> ca-error: Error setting up ccache for local "host" service using default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.<br id="yui_3_16_0_ym19_1_1469171002174_64092"> stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64093"> key paCOM storage: type=NSSDB,location='/etc/dCOMsrv/slapd-PKI-IPA',nickna me='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dCOMsrv/slapd-PKI-IPA/p wdfile.txt'<br id="yui_3_16_0_ym19_1_1469171002174_64094"> certificate: type=NSSDB,location='/etc/dCOMsrv/slapd-PKI-IPA',nickname='S erver-Cert',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64095"> CA: IPA<br id="yui_3_16_0_ym19_1_1469171002174_64096"> issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64097"> subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64098"> expCOMes: 2016-08-17 12:36:02 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64099"> eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64100"> pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64101"> post-save command: /usr/lib64/ipa/certmonger/restart_dCOMsrv PKI-IPA<br id="yui_3_16_0_ym19_1_1469171002174_64102"> track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64103"> auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64104">Request ID '20140817123752':<br id="yui_3_16_0_ym19_1_1469171002174_64105"> status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64106"> ca-error: Error setting up ccache for local "host" service using default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.<br id="yui_3_16_0_ym19_1_1469171002174_64107"> stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64108"> key paCOM storage: type=NSSDB,location='/etc/httpd/alias',nickname='Serve r-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469171002174_64109"> certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cer t',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64110"> CA: IPA<br id="yui_3_16_0_ym19_1_1469171002174_64111"> issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64112"> subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64113"> expCOMes: 2016-08-17 12:37:51 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64114"> eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64115"> pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64116"> post-save command: /usr/lib64/ipa/certmonger/restart_httpd<br id="yui_3_16_0_ym19_1_1469171002174_64117"> track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64118"> auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64119">[root@ipasrv ~]# getcert list<br id="yui_3_16_0_ym19_1_1469171002174_64120">Number of certificates and requests being tracked: 8.<br id="yui_3_16_0_ym19_1_1469171002174_64121">Request ID '20140817123522':<br id="yui_3_16_0_ym19_1_1469171002174_64122"> status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64123"> stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64124"> key paCOM storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'<br id="yui_3_16_0_ym19_1_1469171002174_64125"> certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64126"> CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64127"> issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64128"> subject: CN=CA Audit,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64129"> expCOMes: 2018-06-30 07:57:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64130"> pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad<br id="yui_3_16_0_ym19_1_1469171002174_64131"> post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "auditSigningCert cert-pki-ca"<br id="yui_3_16_0_ym19_1_1469171002174_64132"> track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64133"> auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64134">Request ID '20140817123523':<br id="yui_3_16_0_ym19_1_1469171002174_64135"> status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64136"> stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64137"> key paCOM storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'<br id="yui_3_16_0_ym19_1_1469171002174_64138"> certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64139"> CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64140"> issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64141"> subject: CN=OCSP Subsystem,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64142"> expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64143"> eku: id-kp-OCSPSigning<br id="yui_3_16_0_ym19_1_1469171002174_64144"> pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad<br id="yui_3_16_0_ym19_1_1469171002174_64145"> post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "ocspSigningCert cert-pki-ca"<br id="yui_3_16_0_ym19_1_1469171002174_64146"> track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64147"> auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64148">Request ID '20140817123524':<br id="yui_3_16_0_ym19_1_1469171002174_64149"> status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64150"> stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64151"> key paCOM storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'<br id="yui_3_16_0_ym19_1_1469171002174_64152"> certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64153"> CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64154"> issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64155"> subject: CN=CA Subsystem,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64156"> expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64157"> eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64158"> pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad<br id="yui_3_16_0_ym19_1_1469171002174_64159"> post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "subsystemCert cert-pki-ca"<br id="yui_3_16_0_ym19_1_1469171002174_64160"> track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64161"> auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64162">Request ID '20140817123525':<br id="yui_3_16_0_ym19_1_1469171002174_64163"> status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64164"> stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64165"> key paCOM storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469171002174_64166"> certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64167"> CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64168"> issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64169"> subject: CN=IPA RA,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64170"> expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64171"> eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64172"> pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64173"> post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert<br id="yui_3_16_0_ym19_1_1469171002174_64174"> track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64175"> auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64176">Request ID '20140817123526':<br id="yui_3_16_0_ym19_1_1469171002174_64177"> status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64178"> stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64179"> key paCOM storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'<br id="yui_3_16_0_ym19_1_1469171002174_64180"> certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64181"> CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64182"> issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64183"> subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64184"> expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64185"> eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64186"> pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64187"> post-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64188"> track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64189"> auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64190">Request ID '20140817123534':<br id="yui_3_16_0_ym19_1_1469171002174_64191"> status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64192"> ca-error: Error setting up ccache for local "host" service using default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.<br id="yui_3_16_0_ym19_1_1469171002174_64193"> stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64194"> key paCOM storage: type=NSSDB,location='/etc/dCOMsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dCOMsrv/slapd-EXAMPLE-COM/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469171002174_64195"> certificate: type=NSSDB,location='/etc/dCOMsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64196"> CA: IPA<br id="yui_3_16_0_ym19_1_1469171002174_64197"> issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64198"> subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64199"> expCOMes: 2016-08-17 12:35:34 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64200"> eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64201"> pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64202"> post-save command: /usr/lib64/ipa/certmonger/restart_dCOMsrv EXAMPLE-COM<br id="yui_3_16_0_ym19_1_1469171002174_64203"> track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64204"> auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64205">Request ID '20140817123602':<br id="yui_3_16_0_ym19_1_1469171002174_64206"> status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64207"> ca-error: Error setting up ccache for local "host" service using default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.<br id="yui_3_16_0_ym19_1_1469171002174_64208"> stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64209"> key paCOM storage: type=NSSDB,location='/etc/dCOMsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dCOMsrv/slapd-PKI-IPA/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469171002174_64210"> certificate: type=NSSDB,location='/etc/dCOMsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64211"> CA: IPA<br id="yui_3_16_0_ym19_1_1469171002174_64212"> issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64213"> subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64214"> expCOMes: 2016-08-17 12:36:02 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64215"> eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64216"> pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64217"> post-save command: /usr/lib64/ipa/certmonger/restart_dCOMsrv PKI-IPA<br id="yui_3_16_0_ym19_1_1469171002174_64218"> track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64219"> auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64220">Request ID '20140817123752':<br id="yui_3_16_0_ym19_1_1469171002174_64221"> status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64222"> ca-error: Error setting up ccache for local "host" service using default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.<br id="yui_3_16_0_ym19_1_1469171002174_64223"> stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64224"> key paCOM storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469171002174_64225"> certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64226"> CA: IPA<br id="yui_3_16_0_ym19_1_1469171002174_64227"> issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64228"> subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64229"> expCOMes: 2016-08-17 12:37:51 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64230"> eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64231"> pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64232"> post-save command: /usr/lib64/ipa/certmonger/restart_httpd<br id="yui_3_16_0_ym19_1_1469171002174_64233"> track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64234"> auto-renew: yes<br></span></div><div id="yui_3_16_0_ym19_1_1469171002174_63529" dir="ltr"><span></span></div><div id="yui_3_16_0_ym19_1_1469171002174_63373" class="qtdSeparateBR"><br><br></div><div style="display: block;" id="yui_3_16_0_ym19_1_1469171002174_63377" class="yahoo_quoted"> <div id="yui_3_16_0_ym19_1_1469171002174_63376" style="font-family: verdana, helvetica, sans-serif; font-size: 24px;"> <div id="yui_3_16_0_ym19_1_1469171002174_63375" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div id="yui_3_16_0_ym19_1_1469171002174_63374" dir="ltr"> <font id="yui_3_16_0_ym19_1_1469171002174_63378" face="Arial" size="2"> <hr id="yui_3_16_0_ym19_1_1469171002174_63448" size="1"> <b><span style="font-weight:bold;">From:</span></b> Rob Crittenden <rcritten@redhat.com><br> <b><span style="font-weight: bold;">To:</span></b> mohammad sereshki <mohammadsereshki@yahoo.com>; Freeipa-users <freeipa-users@redhat.com> <br> <b><span style="font-weight: bold;">Sent:</span></b> Saturday, July 23, 2016 11:30 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [Freeipa-users] ipa-getcert shows error<br> </font> </div> <div id="yui_3_16_0_ym19_1_1469171002174_63385" class="y_msg_container"><br>mohammad sereshki wrote:<br clear="none">> hi<br clear="none">><br clear="none">> I get below error<br clear="none">> ca-error: Error setting up ccache for local "host" service using default<br clear="none">> keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.<br clear="none"><br clear="none">I'm guessing IPA is not running, or not completely running. ipactl <br clear="none">status will tell you.<div class="yqt9123122933" id="yqtfd77246"><br clear="none"><br clear="none">> when I run ipa-getcert list, also how can I check my CAs are renewed or not?</div><br clear="none"><br clear="none">Use just getcert and not ipa-getcert (ipa-getcert returns just a subset <br clear="none">of all certificates being tracked).<br clear="none"><br clear="none">rob<div class="yqt9123122933" id="yqtfd12741"><br clear="none"></div><br><br></div> </div> </div> </div></div></body></html>