<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Using the firefox debugger, I get these errors when trying to pop
up the New Certificate dialog:</p>
<blockquote>
<p><font face="Courier New, Courier, monospace">Empty string
passed to getElementById(). (5) jquery.js:4:1060<br>
TypeError: u is undefined
app.js:1:362059<br>
Empty string passed to getElementById(). (5)
jquery.js:4:1060<br>
TypeError: t is undefined
app.js:1:217432</font><br>
</p>
</blockquote>
<p>I'm definitely not a web kind of guy so I'm not sure if this is
helpful or not. This is on 4.4.0, API Version 2.213.</p>
<p><br>
</p>
<p>Bret<br>
</p>
<br>
<div class="moz-cite-prefix">On 04/26/2017 08:35 AM, Bret Wortman
wrote:<br>
</div>
<blockquote
cite="mid:2da4022b-408a-846e-1acf-1d1b576987a6@damascusgrp.com"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<p>Good news. One of my servers _does_ have CA installed. So why
does "Action -> New Certificate" not do anything on this or
any other server?</p>
<p><br>
</p>
<p>Bret<br>
</p>
<br>
<div class="moz-cite-prefix">On 04/25/2017 02:52 PM, Bret Wortman
wrote:<br>
</div>
<blockquote
cite="mid:25b53b08-ede0-7627-4b31-d9cb7de50b38@damascusgrp.com"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<p>I recently had to upgrade all my Fedora IPA servers to C7. It
went well, and we've been up and running nicely on 4.4.0 on C7
for the past month or so.</p>
<p>Today, someone came and asked me to generate a new
certificate for their web server. All was good until I went to
the IPA UI and tried to perform Actions->New Certificate,
which did nothing. I tried each of our 3 servers in turn. All
came back with no popup window and no error, either.</p>
<p>I suspect the problem might be that we no longer have a CA
server due to the method I used to upgrade the servers. I
likely missed a "--setup-ca" in there somewhere, so my rolling
update rolled over the CA.</p>
<p>What's my best hope of recovery? I never ran this before, so
I'm not sure if this shows that I'm missing a CA or not:<br>
</p>
<blockquote>
<p><font size="-1" face="Courier New, Courier, monospace">#
ipa ca-find<br>
------------<br>
1 CA matched<br>
------------<br>
Name: ipa<br>
Description IPA CA<br>
Authority ID: 3ce3346[...]<br>
Subject DN: CN=Certificate Authority, O=DAMASCUSGRP.COM<br>
Issuer DN: CN=Certificate Authority,O=DAMASCUSGRP.COM<br>
----------------------------<br>
Number of entries returned 1<br>
</font><font face="Courier New, Courier, monospace"><font
size="-1">----------------------------<br>
# ipa ca-add dg --desc "Damascus Group" --subject "CN=DG
CA, O=DAMASCUSGRP.COM"<br>
ipa: ERROR: Failed to authenticate to CA REST API<br>
# klist<br>
Ticket cache: KEYRING:persistent:0:0<br>
Default principal: <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:admin@DAMASCUSGRP.COM">admin@DAMASCUSGRP.COM</a><br>
<br>
Valid starting Expires Service
principal<br>
04/25/2017 18:48:26 04/26/2017 18:48:21 <a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:krbtgt/DAMASCUSGRP.COM@DAMASCUSGRP.COM">krbtgt/DAMASCUSGRP.COM@DAMASCUSGRP.COM</a><br>
#</font><br>
</font></p>
</blockquote>
<br>
What's my best path of recovery?<br>
<br>
<div class="moz-signature">-- <br>
<div><b>Bret Wortman</b></div>
<div>The Damascus Group<br>
</div>
<br>
</div>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>