<html><head></head><body><div style="color:#000; background-color:#fff; font-family:verdana, helvetica, sans-serif;font-size:24px"><div id="yui_3_16_0_ym19_1_1469171002174_63450"><span>hi</span></div><div id="yui_3_16_0_ym19_1_1469171002174_63454"><span id="yui_3_16_0_ym19_1_1469171002174_63486">ipactl status  result:</span></div><div id="yui_3_16_0_ym19_1_1469171002174_63487" dir="ltr"><span id="yui_3_16_0_ym19_1_1469171002174_63489">---------------------------<br id="yui_3_16_0_ym19_1_1469171002174_63479">Directory Service: RUNNING<br id="yui_3_16_0_ym19_1_1469171002174_63480">KDC Service: RUNNING<br id="yui_3_16_0_ym19_1_1469171002174_63481">KPASSWD Service: RUNNING<br id="yui_3_16_0_ym19_1_1469171002174_63482">MEMCACHE Service: RUNNING<br id="yui_3_16_0_ym19_1_1469171002174_63483">HTTP Service: RUNNING<br id="yui_3_16_0_ym19_1_1469171002174_63484">CA Service: RUNNING<br id="yui_3_16_0_ym19_1_1469171002174_63485"></span></div><div id="yui_3_16_0_ym19_1_1469171002174_63490" dir="ltr"><span><br></span></div><div id="yui_3_16_0_ym19_1_1469171002174_63491" dir="ltr"><span id="yui_3_16_0_ym19_1_1469171002174_63535">getcert list result is :</span></div><div id="yui_3_16_0_ym19_1_1469171002174_63541" dir="ltr"><span id="yui_3_16_0_ym19_1_1469171002174_63535">-------------------------</span></div><div id="yui_3_16_0_ym19_1_1469171002174_64235" dir="ltr"><span id="yui_3_16_0_ym19_1_1469171002174_63535">root@ipasrv ~]# getcert list<br id="yui_3_16_0_ym19_1_1469171002174_64004">Number of certificates and requests being tracked: 8.<br id="yui_3_16_0_ym19_1_1469171002174_64005">Request ID '20140817123522':<br id="yui_3_16_0_ym19_1_1469171002174_64006">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64007">        stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64008">        key paCOM storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='                                                   auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'<br id="yui_3_16_0_ym19_1_1469171002174_64009">        certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='audit                                                   SigningCert cert-pki-ca',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64010">        CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64011">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64012">        subject: CN=CA Audit,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64013">        expCOMes: 2018-06-30 07:57:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64014">        pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad<br id="yui_3_16_0_ym19_1_1469171002174_64015">        post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "auditSigning                                                   Cert cert-pki-ca"<br id="yui_3_16_0_ym19_1_1469171002174_64016">        track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64017">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64018">Request ID '20140817123523':<br id="yui_3_16_0_ym19_1_1469171002174_64019">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64020">        stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64021">        key paCOM storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='                                                   ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'<br id="yui_3_16_0_ym19_1_1469171002174_64022">        certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspS                                                   igningCert cert-pki-ca',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64023">        CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64024">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64025">        subject: CN=OCSP Subsystem,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64026">        expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64027">        eku: id-kp-OCSPSigning<br id="yui_3_16_0_ym19_1_1469171002174_64028">        pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad<br id="yui_3_16_0_ym19_1_1469171002174_64029">        post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "ocspSigningC                                                   ert cert-pki-ca"<br id="yui_3_16_0_ym19_1_1469171002174_64030">        track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64031">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64032">Request ID '20140817123524':<br id="yui_3_16_0_ym19_1_1469171002174_64033">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64034">        stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64035">        key paCOM storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='                                                   subsystemCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'<br id="yui_3_16_0_ym19_1_1469171002174_64036">        certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsy                                                   stemCert cert-pki-ca',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64037">        CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64038">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64039">        subject: CN=CA Subsystem,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64040">        expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64041">        eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64042">        pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad<br id="yui_3_16_0_ym19_1_1469171002174_64043">        post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "subsystemCer                                                   t cert-pki-ca"<br id="yui_3_16_0_ym19_1_1469171002174_64044">        track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64045">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64046">Request ID '20140817123525':<br id="yui_3_16_0_ym19_1_1469171002174_64047">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64048">        stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64049">        key paCOM storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCe                                                   rt',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469171002174_64050">        certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',t                                                   oken='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64051">        CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64052">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64053">        subject: CN=IPA RA,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64054">        expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64055">        eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64056">        pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64057">        post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert<br id="yui_3_16_0_ym19_1_1469171002174_64058">        track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64059">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64060">Request ID '20140817123526':<br id="yui_3_16_0_ym19_1_1469171002174_64061">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64062">        stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64063">        key paCOM storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='                                                   Server-Cert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'<br id="yui_3_16_0_ym19_1_1469171002174_64064">        certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Serve                                                   r-Cert cert-pki-ca',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64065">        CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64066">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64067">        subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64068">        expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64069">        eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64070">        pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64071">        post-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64072">        track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64073">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64074">Request ID '20140817123534':<br id="yui_3_16_0_ym19_1_1469171002174_64075">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64076">        ca-error: Error setting up ccache for local "host" service using default                                                    keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.<br id="yui_3_16_0_ym19_1_1469171002174_64077">        stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64078">        key paCOM storage: type=NSSDB,location='/etc/dCOMsrv/slapd-EXAMPLE-COM'                                                   ,nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dCOMsrv/slapd-MT                                                   NCOMANCELL-COM/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469171002174_64079">        certificate: type=NSSDB,location='/etc/dCOMsrv/slapd-EXAMPLE-COM',nick                                                   name='Server-Cert',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64080">        CA: IPA<br id="yui_3_16_0_ym19_1_1469171002174_64081">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64082">        subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64083">        expCOMes: 2016-08-17 12:35:34 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64084">        eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64085">        pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64086">        post-save command: /usr/lib64/ipa/certmonger/restart_dCOMsrv EXAMPLE-                                                   COM<br id="yui_3_16_0_ym19_1_1469171002174_64087">        track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64088">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64089">Request ID '20140817123602':<br id="yui_3_16_0_ym19_1_1469171002174_64090">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64091">        ca-error: Error setting up ccache for local "host" service using default                                                    keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.<br id="yui_3_16_0_ym19_1_1469171002174_64092">        stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64093">        key paCOM storage: type=NSSDB,location='/etc/dCOMsrv/slapd-PKI-IPA',nickna                                                   me='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dCOMsrv/slapd-PKI-IPA/p                                                   wdfile.txt'<br id="yui_3_16_0_ym19_1_1469171002174_64094">        certificate: type=NSSDB,location='/etc/dCOMsrv/slapd-PKI-IPA',nickname='S                                                   erver-Cert',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64095">        CA: IPA<br id="yui_3_16_0_ym19_1_1469171002174_64096">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64097">        subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64098">        expCOMes: 2016-08-17 12:36:02 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64099">        eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64100">        pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64101">        post-save command: /usr/lib64/ipa/certmonger/restart_dCOMsrv PKI-IPA<br id="yui_3_16_0_ym19_1_1469171002174_64102">        track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64103">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64104">Request ID '20140817123752':<br id="yui_3_16_0_ym19_1_1469171002174_64105">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64106">        ca-error: Error setting up ccache for local "host" service using default                                                    keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.<br id="yui_3_16_0_ym19_1_1469171002174_64107">        stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64108">        key paCOM storage: type=NSSDB,location='/etc/httpd/alias',nickname='Serve                                                   r-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469171002174_64109">        certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cer                                                   t',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64110">        CA: IPA<br id="yui_3_16_0_ym19_1_1469171002174_64111">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64112">        subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64113">        expCOMes: 2016-08-17 12:37:51 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64114">        eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64115">        pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64116">        post-save command: /usr/lib64/ipa/certmonger/restart_httpd<br id="yui_3_16_0_ym19_1_1469171002174_64117">        track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64118">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64119">[root@ipasrv ~]# getcert list<br id="yui_3_16_0_ym19_1_1469171002174_64120">Number of certificates and requests being tracked: 8.<br id="yui_3_16_0_ym19_1_1469171002174_64121">Request ID '20140817123522':<br id="yui_3_16_0_ym19_1_1469171002174_64122">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64123">        stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64124">        key paCOM storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'<br id="yui_3_16_0_ym19_1_1469171002174_64125">        certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64126">        CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64127">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64128">        subject: CN=CA Audit,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64129">        expCOMes: 2018-06-30 07:57:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64130">        pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad<br id="yui_3_16_0_ym19_1_1469171002174_64131">        post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "auditSigningCert cert-pki-ca"<br id="yui_3_16_0_ym19_1_1469171002174_64132">        track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64133">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64134">Request ID '20140817123523':<br id="yui_3_16_0_ym19_1_1469171002174_64135">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64136">        stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64137">        key paCOM storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'<br id="yui_3_16_0_ym19_1_1469171002174_64138">        certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64139">        CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64140">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64141">        subject: CN=OCSP Subsystem,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64142">        expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64143">        eku: id-kp-OCSPSigning<br id="yui_3_16_0_ym19_1_1469171002174_64144">        pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad<br id="yui_3_16_0_ym19_1_1469171002174_64145">        post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "ocspSigningCert cert-pki-ca"<br id="yui_3_16_0_ym19_1_1469171002174_64146">        track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64147">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64148">Request ID '20140817123524':<br id="yui_3_16_0_ym19_1_1469171002174_64149">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64150">        stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64151">        key paCOM storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'<br id="yui_3_16_0_ym19_1_1469171002174_64152">        certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64153">        CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64154">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64155">        subject: CN=CA Subsystem,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64156">        expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64157">        eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64158">        pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad<br id="yui_3_16_0_ym19_1_1469171002174_64159">        post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "subsystemCert cert-pki-ca"<br id="yui_3_16_0_ym19_1_1469171002174_64160">        track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64161">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64162">Request ID '20140817123525':<br id="yui_3_16_0_ym19_1_1469171002174_64163">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64164">        stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64165">        key paCOM storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469171002174_64166">        certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64167">        CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64168">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64169">        subject: CN=IPA RA,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64170">        expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64171">        eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64172">        pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64173">        post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert<br id="yui_3_16_0_ym19_1_1469171002174_64174">        track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64175">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64176">Request ID '20140817123526':<br id="yui_3_16_0_ym19_1_1469171002174_64177">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64178">        stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64179">        key paCOM storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'<br id="yui_3_16_0_ym19_1_1469171002174_64180">        certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64181">        CA: dogtag-ipa-renew-agent<br id="yui_3_16_0_ym19_1_1469171002174_64182">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64183">        subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64184">        expCOMes: 2018-06-30 07:56:06 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64185">        eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64186">        pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64187">        post-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64188">        track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64189">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64190">Request ID '20140817123534':<br id="yui_3_16_0_ym19_1_1469171002174_64191">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64192">        ca-error: Error setting up ccache for local "host" service using default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.<br id="yui_3_16_0_ym19_1_1469171002174_64193">        stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64194">        key paCOM storage: type=NSSDB,location='/etc/dCOMsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dCOMsrv/slapd-EXAMPLE-COM/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469171002174_64195">        certificate: type=NSSDB,location='/etc/dCOMsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64196">        CA: IPA<br id="yui_3_16_0_ym19_1_1469171002174_64197">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64198">        subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64199">        expCOMes: 2016-08-17 12:35:34 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64200">        eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64201">        pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64202">        post-save command: /usr/lib64/ipa/certmonger/restart_dCOMsrv EXAMPLE-COM<br id="yui_3_16_0_ym19_1_1469171002174_64203">        track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64204">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64205">Request ID '20140817123602':<br id="yui_3_16_0_ym19_1_1469171002174_64206">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64207">        ca-error: Error setting up ccache for local "host" service using default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.<br id="yui_3_16_0_ym19_1_1469171002174_64208">        stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64209">        key paCOM storage: type=NSSDB,location='/etc/dCOMsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dCOMsrv/slapd-PKI-IPA/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469171002174_64210">        certificate: type=NSSDB,location='/etc/dCOMsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64211">        CA: IPA<br id="yui_3_16_0_ym19_1_1469171002174_64212">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64213">        subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64214">        expCOMes: 2016-08-17 12:36:02 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64215">        eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64216">        pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64217">        post-save command: /usr/lib64/ipa/certmonger/restart_dCOMsrv PKI-IPA<br id="yui_3_16_0_ym19_1_1469171002174_64218">        track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64219">        auto-renew: yes<br id="yui_3_16_0_ym19_1_1469171002174_64220">Request ID '20140817123752':<br id="yui_3_16_0_ym19_1_1469171002174_64221">        status: MONITORING<br id="yui_3_16_0_ym19_1_1469171002174_64222">        ca-error: Error setting up ccache for local "host" service using default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.<br id="yui_3_16_0_ym19_1_1469171002174_64223">        stuck: no<br id="yui_3_16_0_ym19_1_1469171002174_64224">        key paCOM storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'<br id="yui_3_16_0_ym19_1_1469171002174_64225">        certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'<br id="yui_3_16_0_ym19_1_1469171002174_64226">        CA: IPA<br id="yui_3_16_0_ym19_1_1469171002174_64227">        issuer: CN=Certificate Authority,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64228">        subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM<br id="yui_3_16_0_ym19_1_1469171002174_64229">        expCOMes: 2016-08-17 12:37:51 UTC<br id="yui_3_16_0_ym19_1_1469171002174_64230">        eku: id-kp-serverAuth,id-kp-clientAuth<br id="yui_3_16_0_ym19_1_1469171002174_64231">        pre-save command:<br id="yui_3_16_0_ym19_1_1469171002174_64232">        post-save command: /usr/lib64/ipa/certmonger/restart_httpd<br id="yui_3_16_0_ym19_1_1469171002174_64233">        track: yes<br id="yui_3_16_0_ym19_1_1469171002174_64234">        auto-renew: yes<br></span></div><div id="yui_3_16_0_ym19_1_1469171002174_63529" dir="ltr"><span></span></div><div id="yui_3_16_0_ym19_1_1469171002174_63373" class="qtdSeparateBR"><br><br></div><div style="display: block;" id="yui_3_16_0_ym19_1_1469171002174_63377" class="yahoo_quoted">  <div id="yui_3_16_0_ym19_1_1469171002174_63376" style="font-family: verdana, helvetica, sans-serif; font-size: 24px;"> <div id="yui_3_16_0_ym19_1_1469171002174_63375" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div id="yui_3_16_0_ym19_1_1469171002174_63374" dir="ltr"> <font id="yui_3_16_0_ym19_1_1469171002174_63378" face="Arial" size="2"> <hr id="yui_3_16_0_ym19_1_1469171002174_63448" size="1"> <b><span style="font-weight:bold;">From:</span></b> Rob Crittenden <rcritten@redhat.com><br> <b><span style="font-weight: bold;">To:</span></b> mohammad sereshki <mohammadsereshki@yahoo.com>; Freeipa-users <freeipa-users@redhat.com> <br> <b><span style="font-weight: bold;">Sent:</span></b> Saturday, July 23, 2016 11:30 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [Freeipa-users] ipa-getcert shows error<br> </font> </div> <div id="yui_3_16_0_ym19_1_1469171002174_63385" class="y_msg_container"><br>mohammad sereshki wrote:<br clear="none">> hi<br clear="none">><br clear="none">> I get below error<br clear="none">> ca-error: Error setting up ccache for local "host" service using default<br clear="none">> keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.<br clear="none"><br clear="none">I'm guessing IPA is not running, or not completely running. ipactl <br clear="none">status will tell you.<div class="yqt9123122933" id="yqtfd77246"><br clear="none"><br clear="none">> when I run ipa-getcert list, also how can I check my CAs are renewed or not?</div><br clear="none"><br clear="none">Use just getcert and not ipa-getcert (ipa-getcert returns just a subset <br clear="none">of all certificates being tracked).<br clear="none"><br clear="none">rob<div class="yqt9123122933" id="yqtfd12741"><br clear="none"></div><br><br></div> </div> </div>  </div></div></body></html>