<div dir="ltr">I just realized that I sent the reply directly to Rob and not to the list. My response is inline<div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><br></div><div dir="ltr"><div dir="ltr" style="font-size:12.8px"><br></div><div dir="ltr"><b style="font-size:12.8px"><font size="2">Mike Plemmons | Senior DevOps Engineer | CROSSCHX<br></font></b><div>614.427.2411</div><div><a href="mailto:mike.plemmons@crosschx.com" style="font-size:12.8px" target="_blank">mike.plemmons@crosschx.com</a><br></div><div style="font-size:12.8px"><a href="http://www.crosschx.com/" target="_blank">www.crosschx.com</a></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Thu, May 4, 2017 at 9:39 AM, Michael Plemmons <span dir="ltr"><<a href="mailto:michael.plemmons@crosschx.com" target="_blank">michael.plemmons@crosschx.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br clear="all"><div><div class="m_-5683941457304409678gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><br></div><div dir="ltr"><div dir="ltr" style="font-size:12.8px"><br></div><div dir="ltr"><b style="font-size:12.8px"><font size="2">Mike Plemmons | Senior DevOps Engineer | CROSSCHX<br></font></b><div>614.427.2411</div><div><a href="mailto:mike.plemmons@crosschx.com" style="font-size:12.8px" target="_blank">mike.plemmons@crosschx.com</a><br></div><div style="font-size:12.8px"><a href="http://www.crosschx.com/" target="_blank">www.crosschx.com</a></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Thu, May 4, 2017 at 9:24 AM, Rob Crittenden <span dir="ltr"><<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Michael Plemmons wrote:<br>
> I realized that I was not very clear in my statement about testing with<br>
> ldapsearch. I had initially run it without logging in with a DN. I was<br>
> just running the local ldapsearch -x command. I then tested on<br>
> ipa12.mgmt and ipa11.mgmt logging in with a full DN for the admin and<br>
> "cn=Directory Manager" from ipa12.mgmt (broken server) and ipa11.mgmt<br>
> and both ldapsearch command succeeded.<br>
><br>
> I ran the following from ipa12.mgmt and ipa11.mgmt as a non root user.<br>
> I also ran the command showing a line count for the output and the line<br>
> counts for each were the same when run from ipa12.mgmt and ipa11.mgmt.<br>
><br>
> ldapsearch -LLL -h <a href="http://ipa12.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa12.mgmt.crosschx.com</a><br>
> <<a href="http://ipa12.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa12.mgmt.crosschx.co<wbr>m</a>> -D "DN" -w PASSWORD -b<br>
> "cn=users,cn=accounts,dc=mgmt,<wbr>dc=crosschx,dc=com" dn<br>
><br>
> ldapsearch -LLL -h <a href="http://ipa12.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa12.mgmt.crosschx.com</a><br>
> <<a href="http://ipa12.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa12.mgmt.crosschx.co<wbr>m</a>> -D "cn=directory manager" -w PASSWORD dn<br>
<br>
The CA has its own suffix and replication agreements. Given the auth<br>
error and recent (5 months) renewal of CA credentials I'd check that the<br>
CA agent authentication entries are correct.<br>
<br>
Against each master with a CA run:<br>
<br>
$ ldapsearch -LLL -x -D 'cn=directory manager' -W -b<br>
uid=ipara,ou=people,o=ipaca description<br>
<br>
The format is 2;serial#,subject,issuer<br>
<br>
Then on each run:<br>
<br>
# certutil -L -d /etc/httpd/alias -n ipaCert |grep Serial<br>
<br>
The serial # should match that in the description everywhere.<br>
<br>
rob<br>
<br></blockquote><div><br></div><div><br></div><div>On the CA (IPA13.MGMT) I ran the ldapsearch command and see that the serial number is 7. I then ran the certutil command on all three servers and the serial number is 7 as well.</div><div><br></div><div> </div><div>I also ran the ldapsearch command against the other two servers and they also showed a serial number of 7. </div></div></div></div></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div> <br></div></div></div></div></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
><br>
><br>
><br>
><br>
><br>
> *Mike Plemmons | Senior DevOps Engineer | CROSSCHX<br>
> *<br>
> 614.427.2411<br>
> <a href="mailto:mike.plemmons@crosschx.com" target="_blank">mike.plemmons@crosschx.com</a> <mailto:<a href="mailto:mike.plemmons@crosschx.com" target="_blank">mike.plemmons@crosschx<wbr>.com</a>><br>
> <a href="http://www.crosschx.com" rel="noreferrer" target="_blank">www.crosschx.com</a> <<a href="http://www.crosschx.com/" rel="noreferrer" target="_blank">http://www.crosschx.com/</a>><br>
><br>
> On Wed, May 3, 2017 at 5:28 PM, Michael Plemmons<br>
> <<a href="mailto:michael.plemmons@crosschx.com" target="_blank">michael.plemmons@crosschx.com</a> <mailto:<a href="mailto:michael.plemmons@crosschx.com" target="_blank">michael.plemmons@cross<wbr>chx.com</a>>><br>
> wrote:<br>
><br>
> I have a three node IPA cluster.<br>
><br>
> ipa11.mgmt - was a master over 6 months ago<br>
> ipa13.mgmt - current master<br>
> ipa12.mgmt<br>
><br>
> ipa13 has agreements with ipa11 and ipa12. ipa11 and ipa12 do not<br>
> have agreements between each other.<br>
><br>
> It appears that either ipa12.mgmt lost some level of its replication<br>
> agreement with ipa13. I saw some level because users / hosts were<br>
> replicated between all systems but we started seeing DNS was not<br>
> resolving properly from ipa12. I do not know when this started.<br>
><br>
> When looking at replication agreements on ipa12 I did not see any<br>
> agreement with ipa13.<br>
><br>
> When I run ipa-replica-manage list all three hosts show has master.<br>
><br>
> When I run ipa-replica-manage ipa11.mgmt I see ipa13.mgmt is a replica.<br>
><br>
> When I run ipa-replica-manage ipa12.mgmt nothing returned.<br>
><br>
> I ran ipa-replica-manage connect --cacert=/etc/ipa/ca.crt<br>
> <a href="http://ipa12.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa12.mgmt.crosschx.com</a> <<a href="http://ipa12.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa12.mgmt.crosschx.co<wbr>m</a>><br>
> <a href="http://ipa13.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa13.mgmt.crosschx.com</a> <<a href="http://ipa13.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa13.mgmt.crosschx.co<wbr>m</a>> on ipa12.mgmt<br>
><br>
> I then ran the following<br>
><br>
> ipa-replica-manage force-sync --from <a href="http://ipa13.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa13.mgmt.crosschx.com</a><br>
> <<a href="http://ipa13.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa13.mgmt.crosschx.c<wbr>om</a>><br>
><br>
> ipa-replica-manage re-initialize --from <a href="http://ipa13.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa13.mgmt.crosschx.com</a><br>
> <<a href="http://ipa13.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa13.mgmt.crosschx.c<wbr>om</a>><br>
><br>
> I was still seeing bad DNS returns when dig'ing against ipa12.mgmt.<br>
> I was able to create user and DNS records and see the information<br>
> replicated properly across all three nodes.<br>
><br>
> I then ran ipactl stop on ipa12.mgmt and then ipactl start on<br>
> ipa12.mgmt because I wanted to make sure everything was running<br>
> fresh after the changes above. While IPA was staring up (DNS<br>
> started) we were able to see valid DNS queries returned but<br>
> pki-tomcat would not start.<br>
><br>
> I am not sure what I need to do in order to get this working. I<br>
> have included the output of certutil and getcert below from all<br>
> three servers as well as the debug output for pki.<br>
><br>
><br>
> While the IPA system is coming up I am able to successfully run<br>
> ldapsearch -x as the root user and see results. I am also able to<br>
> login with the "cn=Directory Manager" account and see results.<br>
><br>
><br>
> The debug log shows the following error.<br>
><br>
><br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]:<br>
> =============================<wbr>===============<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: ===== DEBUG<br>
> SUBSYSTEM INITIALIZED =======<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]:<br>
> =============================<wbr>===============<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine: restart at<br>
> autoShutdown? false<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine:<br>
> autoShutdown crumb file path?<br>
> /var/lib/pki/pki-tomcat/logs/<wbr>autoShutdown.crumb<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine: about to<br>
> look for cert for auto-shutdown support:auditSigningCert cert-pki-ca<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine: found<br>
> cert:auditSigningCert cert-pki-ca<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine: done init<br>
> id=debug<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine:<br>
> initialized debug<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine:<br>
> initSubsystem id=log<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine: ready to<br>
> init id=log<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: Creating<br>
> RollingLogFile(/var/lib/pki/p<wbr>ki-tomcat/logs/ca/signedAudit/<wbr>ca_audit)<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: Creating<br>
> RollingLogFile(/var/lib/pki/p<wbr>ki-tomcat/logs/ca/system)<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: Creating<br>
> RollingLogFile(/var/lib/pki/p<wbr>ki-tomcat/logs/ca/transactions<wbr>)<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine: restart at<br>
> autoShutdown? false<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine:<br>
> autoShutdown crumb file path?<br>
> /var/lib/pki/pki-tomcat/logs/<wbr>autoShutdown.crumb<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine: about to<br>
> look for cert for auto-shutdown support:auditSigningCert cert-pki-ca<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine: found<br>
> cert:auditSigningCert cert-pki-ca<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine: done init<br>
> id=log<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine:<br>
> initialized log<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine:<br>
> initSubsystem id=jss<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine: ready to<br>
> init id=jss<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine: restart at<br>
> autoShutdown? false<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine:<br>
> autoShutdown crumb file path?<br>
> /var/lib/pki/pki-tomcat/logs/<wbr>autoShutdown.crumb<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine: about to<br>
> look for cert for auto-shutdown support:auditSigningCert cert-pki-ca<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine: found<br>
> cert:auditSigningCert cert-pki-ca<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine: done init<br>
> id=jss<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine:<br>
> initialized jss<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine:<br>
> initSubsystem id=dbs<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: CMSEngine: ready to<br>
> init id=dbs<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: DBSubsystem: init()<br>
> mEnableSerialMgmt=true<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: Creating<br>
> LdapBoundConnFactor(DBSubsyst<wbr>em)<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: LdapBoundConnFactory:<br>
> init<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]:<br>
> LdapBoundConnFactory:<wbr>doCloning true<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: LdapAuthInfo: init()<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: LdapAuthInfo: init begins<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: LdapAuthInfo: init ends<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: init: before<br>
> makeConnection errorIfDown is true<br>
> [03/May/2017:21:22:01][localh<wbr>ost-startStop-1]: makeConnection:<br>
> errorIfDown true<br>
> [03/May/2017:21:22:02][localh<wbr>ost-startStop-1]:<br>
> <wbr>SSLClientCertificateSelectionC<wbr>B: Setting desired cert nickname to:<br>
> subsystemCert cert-pki-ca<br>
> [03/May/2017:21:22:02][localh<wbr>ost-startStop-1]: LdapJssSSLSocket: set<br>
> client auth cert nickname subsystemCert cert-pki-ca<br>
> [03/May/2017:21:22:02][localh<wbr>ost-startStop-1]:<br>
> <wbr>SSLClientCertificatSelectionCB<wbr>: Entering!<br>
> [03/May/2017:21:22:02][localh<wbr>ost-startStop-1]:<br>
> <wbr>SSLClientCertificateSelectionC<wbr>B: returning: null<br>
> [03/May/2017:21:22:02][localh<wbr>ost-startStop-1]: SSL handshake happened<br>
> Could not connect to LDAP server host <a href="http://ipa12.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa12.mgmt.crosschx.com</a><br>
> <<a href="http://ipa12.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa12.mgmt.crosschx.c<wbr>om</a>> port 636 Error<br>
> netscape.ldap.LDAPException: Authentication failed (48)<br>
> at<br>
> com.netscape.cmscore.<wbr>ldapconn.LdapBoundConnFactory.<wbr>makeConnection(LdapBoundConnFa<wbr>ctory.java:205)<br>
> at<br>
> com.netscape.cmscore.<wbr>ldapconn.LdapBoundConnFactory.<wbr>init(LdapBoundConnFactory.<wbr>java:166)<br>
> at<br>
> com.netscape.cmscore.<wbr>ldapconn.LdapBoundConnFactory.<wbr>init(LdapBoundConnFactory.<wbr>java:130)<br>
> at com.netscape.cmscore.dbs.DBSub<wbr>system.init(DBSubsystem.java:<wbr>654)<br>
> at<br>
> com.netscape.cmscore.apps.CMS<wbr>Engine.initSubsystem(CMSEngine<wbr>.java:1169)<br>
> at<br>
> com.netscape.cmscore.apps.CMS<wbr>Engine.initSubsystems(CMSEngin<wbr>e.java:1075)<br>
> at com.netscape.cmscore.apps.CMSE<wbr>ngine.init(CMSEngine.java:571)<br>
> at com.netscape.certsrv.apps.CMS.<wbr>init(CMS.java:187)<br>
> at com.netscape.certsrv.apps.CMS.<wbr>start(CMS.java:1616)<br>
> at<br>
> com.netscape.cms.servlet.<wbr>base.CMSStartServlet.init(CMSS<wbr>tartServlet.java:114)<br>
> at javax.servlet.GenericServlet.i<wbr>nit(GenericServlet.java:158)<br>
> at sun.reflect.NativeMethodAccess<wbr>orImpl.invoke0(Native Method)<br>
> at<br>
> sun.reflect.NativeMethodAcces<wbr>sorImpl.invoke(NativeMethodAcc<wbr>essorImpl.java:62)<br>
> at<br>
> sun.reflect.DelegatingMethodA<wbr>ccessorImpl.invoke(DelegatingM<wbr>ethodAccessorImpl.java:43)<br>
> at java.lang.reflect.Method.invok<wbr>e(Method.java:498)<br>
> at<br>
> org.apache.catalina.security.<wbr>SecurityUtil$1.run(SecurityUti<wbr>l.java:288)<br>
> at<br>
> org.apache.catalina.security.<wbr>SecurityUtil$1.run(SecurityUti<wbr>l.java:285)<br>
> at java.security.AccessController<wbr>.doPrivileged(Native Method)<br>
> at <a href="http://javax.security.auth.Subject.do">javax.security.auth.Subject.do</a><wbr>AsPrivileged(Subject.java:549)<br>
> at<br>
> org.apache.catalina.security.<wbr>SecurityUtil.execute(SecurityU<wbr>til.java:320)<br>
> at<br>
> org.apache.catalina.security.<wbr>SecurityUtil.doAsPrivilege(Sec<wbr>urityUtil.java:175)<br>
> at<br>
> org.apache.catalina.security.<wbr>SecurityUtil.doAsPrivilege(Sec<wbr>urityUtil.java:124)<br>
> at<br>
> org.apache.catalina.core.Stan<wbr>dardWrapper.initServlet(Standa<wbr>rdWrapper.java:1270)<br>
> at<br>
> org.apache.catalina.core.Stan<wbr>dardWrapper.loadServlet(Standa<wbr>rdWrapper.java:1195)<br>
> at<br>
> org.apache.catalina.core.Stan<wbr>dardWrapper.load(StandardWrapp<wbr>er.java:1085)<br>
> at<br>
> org.apache.catalina.core.Stan<wbr>dardContext.loadOnStartup(Stan<wbr>dardContext.java:5318)<br>
> at<br>
> org.apache.catalina.core.Stan<wbr>dardContext.startInternal(Stan<wbr>dardContext.java:5610)<br>
> at<br>
> org.apache.catalina.util.Life<wbr>cycleBase.start(LifecycleBase.<wbr>java:147)<br>
> at<br>
> org.apache.catalina.core.Cont<wbr>ainerBase.addChildInternal(Con<wbr>tainerBase.java:899)<br>
> at<br>
> org.apache.catalina.core.Cont<wbr>ainerBase.access$000(Container<wbr>Base.java:133)<br>
> at<br>
> org.apache.catalina.core.Cont<wbr>ainerBase$PrivilegedAddChild.<wbr>run(ContainerBase.java:156)<br>
> at<br>
> org.apache.catalina.core.Cont<wbr>ainerBase$PrivilegedAddChild.<wbr>run(ContainerBase.java:145)<br>
> at java.security.AccessController<wbr>.doPrivileged(Native Method)<br>
> at<br>
> org.apache.catalina.core.Cont<wbr>ainerBase.addChild(ContainerBa<wbr>se.java:873)<br>
> at<br>
> org.apache.catalina.core.Stan<wbr>dardHost.addChild(StandardHost<wbr>.java:652)<br>
> at<br>
> org.apache.catalina.startup.H<wbr>ostConfig.deployDescriptor(Hos<wbr>tConfig.java:679)<br>
> at<br>
> org.apache.catalina.startup.H<wbr>ostConfig$DeployDescriptor.run<wbr>(HostConfig.java:1966)<br>
> at<br>
> java.util.concurrent.Executor<wbr>s$RunnableAdapter.call(<wbr>Executors.java:511)<br>
> at java.util.concurrent.FutureTas<wbr>k.run(FutureTask.java:266)<br>
> at<br>
> java.util.concurrent.ThreadPo<wbr>olExecutor.runWorker(ThreadPoo<wbr>lExecutor.java:1142)<br>
> at<br>
> java.util.concurrent.ThreadPo<wbr>olExecutor$Worker.run(ThreadPo<wbr>olExecutor.java:617)<br>
> at java.lang.Thread.run(Thread.ja<wbr>va:745)<br>
> Internal Database Error encountered: Could not connect to LDAP<br>
> server host <a href="http://ipa12.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa12.mgmt.crosschx.com</a> <<a href="http://ipa12.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa12.mgmt.crosschx.co<wbr>m</a>><br>
> port 636 Error netscape.ldap.LDAPException: Authentication failed (48)<br>
> at com.netscape.cmscore.dbs.DBSub<wbr>system.init(DBSubsystem.java:<wbr>676)<br>
> at<br>
> com.netscape.cmscore.apps.CMS<wbr>Engine.initSubsystem(CMSEngine<wbr>.java:1169)<br>
> at<br>
> com.netscape.cmscore.apps.CMS<wbr>Engine.initSubsystems(CMSEngin<wbr>e.java:1075)<br>
> at com.netscape.cmscore.apps.CMSE<wbr>ngine.init(CMSEngine.java:571)<br>
> at com.netscape.certsrv.apps.CMS.<wbr>init(CMS.java:187)<br>
> at com.netscape.certsrv.apps.CMS.<wbr>start(CMS.java:1616)<br>
> at<br>
> com.netscape.cms.servlet.<wbr>base.CMSStartServlet.init(CMSS<wbr>tartServlet.java:114)<br>
> at javax.servlet.GenericServlet.i<wbr>nit(GenericServlet.java:158)<br>
> at sun.reflect.NativeMethodAccess<wbr>orImpl.invoke0(Native Method)<br>
> at<br>
> sun.reflect.NativeMethodAcces<wbr>sorImpl.invoke(NativeMethodAcc<wbr>essorImpl.java:62)<br>
> at<br>
> sun.reflect.DelegatingMethodA<wbr>ccessorImpl.invoke(DelegatingM<wbr>ethodAccessorImpl.java:43)<br>
> at java.lang.reflect.Method.invok<wbr>e(Method.java:498)<br>
> at<br>
> org.apache.catalina.security.<wbr>SecurityUtil$1.run(SecurityUti<wbr>l.java:288)<br>
> at<br>
> org.apache.catalina.security.<wbr>SecurityUtil$1.run(SecurityUti<wbr>l.java:285)<br>
> at java.security.AccessController<wbr>.doPrivileged(Native Method)<br>
> at <a href="http://javax.security.auth.Subject.do">javax.security.auth.Subject.do</a><wbr>AsPrivileged(Subject.java:549)<br>
> at<br>
> org.apache.catalina.security.<wbr>SecurityUtil.execute(SecurityU<wbr>til.java:320)<br>
> at<br>
> org.apache.catalina.security.<wbr>SecurityUtil.doAsPrivilege(Sec<wbr>urityUtil.java:175)<br>
> at<br>
> org.apache.catalina.security.<wbr>SecurityUtil.doAsPrivilege(Sec<wbr>urityUtil.java:124)<br>
> at<br>
> org.apache.catalina.core.Stan<wbr>dardWrapper.initServlet(Standa<wbr>rdWrapper.java:1270)<br>
> at<br>
> org.apache.catalina.core.Stan<wbr>dardWrapper.loadServlet(Standa<wbr>rdWrapper.java:1195)<br>
> at<br>
> org.apache.catalina.core.Stan<wbr>dardWrapper.load(StandardWrapp<wbr>er.java:1085)<br>
> at<br>
> org.apache.catalina.core.Stan<wbr>dardContext.loadOnStartup(Stan<wbr>dardContext.java:5318)<br>
> at<br>
> org.apache.catalina.core.Stan<wbr>dardContext.startInternal(Stan<wbr>dardContext.java:5610)<br>
> at<br>
> org.apache.catalina.util.Life<wbr>cycleBase.start(LifecycleBase.<wbr>java:147)<br>
> at<br>
> org.apache.catalina.core.Cont<wbr>ainerBase.addChildInternal(Con<wbr>tainerBase.java:899)<br>
> at<br>
> org.apache.catalina.core.Cont<wbr>ainerBase.access$000(Container<wbr>Base.java:133)<br>
> at<br>
> org.apache.catalina.core.Cont<wbr>ainerBase$PrivilegedAddChild.<wbr>run(ContainerBase.java:156)<br>
> at<br>
> org.apache.catalina.core.Cont<wbr>ainerBase$PrivilegedAddChild.<wbr>run(ContainerBase.java:145)<br>
> at java.security.AccessController<wbr>.doPrivileged(Native Method)<br>
> at<br>
> org.apache.catalina.core.Cont<wbr>ainerBase.addChild(ContainerBa<wbr>se.java:873)<br>
> at<br>
> org.apache.catalina.core.Stan<wbr>dardHost.addChild(StandardHost<wbr>.java:652)<br>
> at<br>
> org.apache.catalina.startup.H<wbr>ostConfig.deployDescriptor(Hos<wbr>tConfig.java:679)<br>
> at<br>
> org.apache.catalina.startup.H<wbr>ostConfig$DeployDescriptor.run<wbr>(HostConfig.java:1966)<br>
> at<br>
> java.util.concurrent.Executor<wbr>s$RunnableAdapter.call(<wbr>Executors.java:511)<br>
> at java.util.concurrent.FutureTas<wbr>k.run(FutureTask.java:266)<br>
> at<br>
> java.util.concurrent.ThreadPo<wbr>olExecutor.runWorker(ThreadPoo<wbr>lExecutor.java:1142)<br>
> at<br>
> java.util.concurrent.ThreadPo<wbr>olExecutor$Worker.run(ThreadPo<wbr>olExecutor.java:617)<br>
> at java.lang.Thread.run(Thread.ja<wbr>va:745)<br>
> [03/May/2017:21:22:02][localh<wbr>ost-startStop-1]: CMSEngine.shutdown()<br>
><br>
><br>
> =============================<br>
><br>
><br>
> IPA11.MGMT<br>
><br>
> (root)>certutil -L -d /etc/dirsrv/slapd-MGMT-CROSSCH<wbr>X-COM/<br>
> Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Server-Cert<br>
> u,u,u <a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> IPA CA CT,C,C<br>
> (root)>certutil -L -d /var/lib/pki/pki-tomcat/alias/ Certificate<br>
> Nickname Trust Attributes SSL,S/MIME,JAR/XPI caSigningCert<br>
> cert-pki-ca CTu,Cu,Cu auditSigningCert cert-pki-ca u,u,Pu<br>
> ocspSigningCert cert-pki-ca u,u,u subsystemCert cert-pki-ca u,u,u<br>
> Server-Cert cert-pki-ca u,u,u IPA13.MGMT (root)>certutil -L -d<br>
> /etc/dirsrv/slapd-MGMT-CROSSC<wbr>HX-COM/ Certificate Nickname Trust<br>
> Attributes SSL,S/MIME,JAR/XPI Server-Cert u,u,u <a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a><br>
> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> IPA CA CT,C,C (root)>certutil -L -d<br>
> /var/lib/pki/pki-tomcat/<wbr>alias/ Certificate Nickname Trust Attributes<br>
> SSL,S/MIME,JAR/XPI caSigningCert cert-pki-ca CTu,Cu,Cu<br>
> auditSigningCert cert-pki-ca u,u,Pu ocspSigningCert cert-pki-ca<br>
> u,u,u subsystemCert cert-pki-ca u,u,u Server-Cert cert-pki-ca u,u,u<br>
> IPA12.MGMT (root)>certutil -L -d<br>
> /etc/dirsrv/slapd-MGMT-CROSSC<wbr>HX-COM/ Certificate Nickname Trust<br>
> Attributes SSL,S/MIME,JAR/XPI Server-Cert u,u,u <a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a><br>
> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> IPA CA C,, (root)>certutil -L -d<br>
> /var/lib/pki/pki-tomcat/<wbr>alias/ Certificate Nickname Trust Attributes<br>
> SSL,S/MIME,JAR/XPI caSigningCert cert-pki-ca CTu,Cu,Cu<br>
> auditSigningCert cert-pki-ca u,u,Pu ocspSigningCert cert-pki-ca<br>
> u,u,u subsystemCert cert-pki-ca u,u,u Server-Cert cert-pki-ca u,u,u<br>
> =============================<wbr>==================== IPA11.MGMT<br>
> (root)>getcert list Number of certificates and requests being<br>
> tracked: 8. Request ID '20161229155314': status: MONITORING stuck:<br>
> no key pair storage:<br>
> type=NSSDB,location='/etc/dir<wbr>srv/slapd-MGMT-CROSSCHX-COM',<wbr>nickname='Server-Cert',token='<wbr>NSS<br>
> Certificate<br>
> DB',pinfile='/etc/dirsrv/slap<wbr>d-MGMT-CROSSCHX-COM/pwdfile.<wbr>txt'<br>
> certificate:<br>
> type=NSSDB,location='/etc/dir<wbr>srv/slapd-MGMT-CROSSCHX-COM',<wbr>nickname='Server-Cert',token='<wbr>NSS<br>
> Certificate DB' CA: IPA issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=<a href="http://ipa11.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa11.mgmt.crosschx.com</a><br>
> <<a href="http://ipa11.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa11.mgmt.crosschx.c<wbr>om</a>>,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a><br>
> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires: 2018-12-30 15:52:43 UTC key<br>
> usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyEncipherment,dataEnciphe<wbr>rment<br>
> eku: id-kp-serverAuth,id-kp-clientA<wbr>uth pre-save command: post-save<br>
> command: /usr/libexec/ipa/certmonger/re<wbr>start_dirsrv<br>
> MGMT-CROSSCHX-COM track: yes auto-renew: yes Request ID<br>
> '20161229155652': status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='auditSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB',pin set certificate:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='auditSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB' CA:<br>
> dogtag-ipa-ca-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=CA Audit,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires:<br>
> 2018-11-12 13:00:29 UTC key usage: digitalSignature,nonRepudiatio<wbr>n<br>
> pre-save command: /usr/libexec/ipa/certmonger/st<wbr>op_pkicad post-save<br>
> command: /usr/libexec/ipa/certmonger/re<wbr>new_ca_cert "auditSigningCert<br>
> cert-pki-ca" track: yes auto-renew: yes Request ID '20161229155654':<br>
> status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='ocspSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB',pin set certificate:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='ocspSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB' CA:<br>
> dogtag-ipa-ca-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=OCSP Subsystem,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>><br>
> expires: 2018-11-12 13:00:26 UTC key usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyCertSign,cRLSign eku:<br>
> id-kp-OCSPSigning pre-save command:<br>
> /usr/libexec/ipa/certmonger/s<wbr>top_pkicad post-save command:<br>
> /usr/libexec/ipa/certmonger/r<wbr>enew_ca_cert "ocspSigningCert<br>
> cert-pki-ca" track: yes auto-renew: yes Request ID '20161229155655':<br>
> status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='subsystemCert<br>
> cert-pki-ca',token='NSS Certificate DB',pin set certificate:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='subsystemCert<br>
> cert-pki-ca',token='NSS Certificate DB' CA:<br>
> dogtag-ipa-ca-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=CA Subsystem,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>><br>
> expires: 2018-11-12 13:00:28 UTC key usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyEncipherment,dataEnciphe<wbr>rment<br>
> eku: id-kp-serverAuth,id-kp-clientA<wbr>uth pre-save command:<br>
> /usr/libexec/ipa/certmonger/s<wbr>top_pkicad post-save command:<br>
> /usr/libexec/ipa/certmonger/r<wbr>enew_ca_cert "subsystemCert<br>
> cert-pki-ca" track: yes auto-renew: yes Request ID '20161229155657':<br>
> status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='caSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB',pin set certificate:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='caSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB' CA:<br>
> dogtag-ipa-ca-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=Certificate Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a><br>
> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires: 2036-11-22 13:00:25 UTC key<br>
> usage: digitalSignature,nonRepudiatio<wbr>n,keyCertSign,cRLSign pre-save<br>
> command: /usr/libexec/ipa/certmonger/st<wbr>op_pkicad post-save command:<br>
> /usr/libexec/ipa/certmonger/r<wbr>enew_ca_cert "caSigningCert<br>
> cert-pki-ca" track: yes auto-renew: yes Request ID '20161229155659':<br>
> status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='Server-Cert cert-pki-ca',token='NSS<br>
> Certificate DB',pin set certificate:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='Server-Cert cert-pki-ca',token='NSS<br>
> Certificate DB' CA: dogtag-ipa-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=<a href="http://ipa11.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa11.mgmt.crosschx.com</a><br>
> <<a href="http://ipa11.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa11.mgmt.crosschx.c<wbr>om</a>>,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a><br>
> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires: 2018-12-19 15:56:20 UTC key<br>
> usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyEncipherment,dataEnciphe<wbr>rment<br>
> eku: id-kp-serverAuth,id-kp-clientA<wbr>uth,id-kp-emailProtection<br>
> pre-save command: /usr/libexec/ipa/certmonger/st<wbr>op_pkicad post-save<br>
> command: /usr/libexec/ipa/certmonger/re<wbr>new_ca_cert "Server-Cert<br>
> cert-pki-ca" track: yes auto-renew: yes Request ID '20161229155921':<br>
> status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/htt<wbr>pd/alias',nickname='Server-Cer<wbr>t',token='NSS<br>
> Certificate DB',pinfile='/etc/httpd/alias/<wbr>pwdfile.txt' certificate:<br>
> type=NSSDB,location='/etc/htt<wbr>pd/alias',nickname='Server-Cer<wbr>t',token='NSS<br>
> Certificate DB' CA: IPA issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=<a href="http://ipa11.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa11.mgmt.crosschx.com</a><br>
> <<a href="http://ipa11.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa11.mgmt.crosschx.c<wbr>om</a>>,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a><br>
> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires: 2018-12-30 15:52:46 UTC key<br>
> usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyEncipherment,dataEnciphe<wbr>rment<br>
> eku: id-kp-serverAuth,id-kp-clientA<wbr>uth pre-save command: post-save<br>
> command: /usr/libexec/ipa/certmonger/re<wbr>start_httpd track: yes<br>
> auto-renew: yes Request ID '20161229160009': status: MONITORING<br>
> stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/htt<wbr>pd/alias',nickname='ipaCert',<wbr>token='NSS<br>
> Certificate DB',pinfile='/etc/httpd/alias/<wbr>pwdfile.txt' certificate:<br>
> type=NSSDB,location='/etc/htt<wbr>pd/alias',nickname='ipaCert',<wbr>token='NSS<br>
> Certificate DB' CA: dogtag-ipa-ca-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=IPA RA,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires:<br>
> 2018-11-12 13:01:34 UTC key usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyEncipherment,dataEnciphe<wbr>rment<br>
> eku: id-kp-serverAuth,id-kp-clientA<wbr>uth pre-save command:<br>
> /usr/libexec/ipa/certmonger/r<wbr>enew_ra_cert_pre post-save command:<br>
> /usr/libexec/ipa/certmonger/r<wbr>enew_ra_cert track: yes auto-renew: yes<br>
> =============================<wbr>===== IPA13.MGMT (root)>getcert list<br>
> Number of certificates and requests being tracked: 8. Request ID<br>
> '20161229143449': status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/dir<wbr>srv/slapd-MGMT-CROSSCHX-COM',<wbr>nickname='Server-Cert',token='<wbr>NSS<br>
> Certificate<br>
> DB',pinfile='/etc/dirsrv/slap<wbr>d-MGMT-CROSSCHX-COM/pwdfile.<wbr>txt'<br>
> certificate:<br>
> type=NSSDB,location='/etc/dir<wbr>srv/slapd-MGMT-CROSSCHX-COM',<wbr>nickname='Server-Cert',token='<wbr>NSS<br>
> Certificate DB' CA: IPA issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=<a href="http://ipa13.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa13.mgmt.crosschx.com</a><br>
> <<a href="http://ipa13.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa13.mgmt.crosschx.c<wbr>om</a>>,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a><br>
> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires: 2018-12-30 14:34:20 UTC key<br>
> usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyEncipherment,dataEnciphe<wbr>rment<br>
> eku: id-kp-serverAuth,id-kp-clientA<wbr>uth pre-save command: post-save<br>
> command: /usr/libexec/ipa/certmonger/re<wbr>start_dirsrv<br>
> MGMT-CROSSCHX-COM track: yes auto-renew: yes Request ID<br>
> '20161229143826': status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='auditSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB',pin set certificate:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='auditSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB' CA:<br>
> dogtag-ipa-ca-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=CA Audit,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires:<br>
> 2018-11-12 13:00:29 UTC key usage: digitalSignature,nonRepudiatio<wbr>n<br>
> pre-save command: /usr/libexec/ipa/certmonger/st<wbr>op_pkicad post-save<br>
> command: /usr/libexec/ipa/certmonger/re<wbr>new_ca_cert "auditSigningCert<br>
> cert-pki-ca" track: yes auto-renew: yes Request ID '20161229143828':<br>
> status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='ocspSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB',pin set certificate:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='ocspSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB' CA:<br>
> dogtag-ipa-ca-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=OCSP Subsystem,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>><br>
> expires: 2018-11-12 13:00:26 UTC key usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyCertSign,cRLSign eku:<br>
> id-kp-OCSPSigning pre-save command:<br>
> /usr/libexec/ipa/certmonger/s<wbr>top_pkicad post-save command:<br>
> /usr/libexec/ipa/certmonger/r<wbr>enew_ca_cert "ocspSigningCert<br>
> cert-pki-ca" track: yes auto-renew: yes Request ID '20161229143831':<br>
> status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='subsystemCert<br>
> cert-pki-ca',token='NSS Certificate DB',pin set certificate:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='subsystemCert<br>
> cert-pki-ca',token='NSS Certificate DB' CA:<br>
> dogtag-ipa-ca-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=CA Subsystem,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>><br>
> expires: 2018-11-12 13:00:28 UTC key usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyEncipherment,dataEnciphe<wbr>rment<br>
> eku: id-kp-serverAuth,id-kp-clientA<wbr>uth pre-save command:<br>
> /usr/libexec/ipa/certmonger/s<wbr>top_pkicad post-save command:<br>
> /usr/libexec/ipa/certmonger/r<wbr>enew_ca_cert "subsystemCert<br>
> cert-pki-ca" track: yes auto-renew: yes Request ID '20161229143833':<br>
> status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='caSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB',pin set certificate:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='caSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB' CA:<br>
> dogtag-ipa-ca-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=Certificate Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a><br>
> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires: 2036-11-22 13:00:25 UTC key<br>
> usage: digitalSignature,nonRepudiatio<wbr>n,keyCertSign,cRLSign pre-save<br>
> command: /usr/libexec/ipa/certmonger/st<wbr>op_pkicad post-save command:<br>
> /usr/libexec/ipa/certmonger/r<wbr>enew_ca_cert "caSigningCert<br>
> cert-pki-ca" track: yes auto-renew: yes Request ID '20161229143835':<br>
> status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='Server-Cert cert-pki-ca',token='NSS<br>
> Certificate DB',pin set certificate:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='Server-Cert cert-pki-ca',token='NSS<br>
> Certificate DB' CA: dogtag-ipa-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=<a href="http://ipa13.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa13.mgmt.crosschx.com</a><br>
> <<a href="http://ipa13.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa13.mgmt.crosschx.c<wbr>om</a>>,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a><br>
> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires: 2018-12-19 14:37:54 UTC key<br>
> usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyEncipherment,dataEnciphe<wbr>rment<br>
> eku: id-kp-serverAuth,id-kp-clientA<wbr>uth,id-kp-emailProtection<br>
> pre-save command: /usr/libexec/ipa/certmonger/st<wbr>op_pkicad post-save<br>
> command: /usr/libexec/ipa/certmonger/re<wbr>new_ca_cert "Server-Cert<br>
> cert-pki-ca" track: yes auto-renew: yes Request ID '20161229144057':<br>
> status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/htt<wbr>pd/alias',nickname='Server-Cer<wbr>t',token='NSS<br>
> Certificate DB',pinfile='/etc/httpd/alias/<wbr>pwdfile.txt' certificate:<br>
> type=NSSDB,location='/etc/htt<wbr>pd/alias',nickname='Server-Cer<wbr>t',token='NSS<br>
> Certificate DB' CA: IPA issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=<a href="http://ipa13.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa13.mgmt.crosschx.com</a><br>
> <<a href="http://ipa13.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa13.mgmt.crosschx.c<wbr>om</a>>,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a><br>
> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires: 2018-12-30 14:34:23 UTC key<br>
> usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyEncipherment,dataEnciphe<wbr>rment<br>
> eku: id-kp-serverAuth,id-kp-clientA<wbr>uth pre-save command: post-save<br>
> command: /usr/libexec/ipa/certmonger/re<wbr>start_httpd track: yes<br>
> auto-renew: yes Request ID '20161229144146': status: MONITORING<br>
> stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/htt<wbr>pd/alias',nickname='ipaCert',<wbr>token='NSS<br>
> Certificate DB',pinfile='/etc/httpd/alias/<wbr>pwdfile.txt' certificate:<br>
> type=NSSDB,location='/etc/htt<wbr>pd/alias',nickname='ipaCert',<wbr>token='NSS<br>
> Certificate DB' CA: dogtag-ipa-ca-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=IPA RA,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires:<br>
> 2018-11-12 13:01:34 UTC key usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyEncipherment,dataEnciphe<wbr>rment<br>
> eku: id-kp-serverAuth,id-kp-clientA<wbr>uth pre-save command:<br>
> /usr/libexec/ipa/certmonger/r<wbr>enew_ra_cert_pre post-save command:<br>
> /usr/libexec/ipa/certmonger/r<wbr>enew_ra_cert track: yes auto-renew: yes<br>
> =========================== IPA12.MGMT (root)>getcert list Number of<br>
> certificates and requests being tracked: 8. Request ID<br>
> '20161229151518': status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/dir<wbr>srv/slapd-MGMT-CROSSCHX-COM',<wbr>nickname='Server-Cert',token='<wbr>NSS<br>
> Certificate<br>
> DB',pinfile='/etc/dirsrv/slap<wbr>d-MGMT-CROSSCHX-COM/pwdfile.<wbr>txt'<br>
> certificate:<br>
> type=NSSDB,location='/etc/dir<wbr>srv/slapd-MGMT-CROSSCHX-COM',<wbr>nickname='Server-Cert',token='<wbr>NSS<br>
> Certificate DB' CA: IPA issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=<a href="http://ipa12.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa12.mgmt.crosschx.com</a><br>
> <<a href="http://ipa12.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa12.mgmt.crosschx.c<wbr>om</a>>,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a><br>
> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires: 2018-12-30 15:14:51 UTC key<br>
> usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyEncipherment,dataEnciphe<wbr>rment<br>
> eku: id-kp-serverAuth,id-kp-clientA<wbr>uth pre-save command: post-save<br>
> command: /usr/libexec/ipa/certmonger/re<wbr>start_dirsrv<br>
> MGMT-CROSSCHX-COM track: yes auto-renew: yes Request ID<br>
> '20161229151850': status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='auditSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB',pin set certificate:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='auditSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB' CA:<br>
> dogtag-ipa-ca-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=CA Audit,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires:<br>
> 2018-11-12 13:00:29 UTC key usage: digitalSignature,nonRepudiatio<wbr>n<br>
> pre-save command: /usr/libexec/ipa/certmonger/st<wbr>op_pkicad post-save<br>
> command: /usr/libexec/ipa/certmonger/re<wbr>new_ca_cert "auditSigningCert<br>
> cert-pki-ca" track: yes auto-renew: yes Request ID '20161229151852':<br>
> status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='ocspSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB',pin set certificate:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='ocspSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB' CA:<br>
> dogtag-ipa-ca-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=OCSP Subsystem,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>><br>
> expires: 2018-11-12 13:00:26 UTC key usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyCertSign,cRLSign eku:<br>
> id-kp-OCSPSigning pre-save command:<br>
> /usr/libexec/ipa/certmonger/s<wbr>top_pkicad post-save command:<br>
> /usr/libexec/ipa/certmonger/r<wbr>enew_ca_cert "ocspSigningCert<br>
> cert-pki-ca" track: yes auto-renew: yes Request ID '20161229151854':<br>
> status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='subsystemCert<br>
> cert-pki-ca',token='NSS Certificate DB',pin set certificate:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='subsystemCert<br>
> cert-pki-ca',token='NSS Certificate DB' CA:<br>
> dogtag-ipa-ca-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=CA Subsystem,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>><br>
> expires: 2018-11-12 13:00:28 UTC key usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyEncipherment,dataEnciphe<wbr>rment<br>
> eku: id-kp-serverAuth,id-kp-clientA<wbr>uth pre-save command:<br>
> /usr/libexec/ipa/certmonger/s<wbr>top_pkicad post-save command:<br>
> /usr/libexec/ipa/certmonger/r<wbr>enew_ca_cert "subsystemCert<br>
> cert-pki-ca" track: yes auto-renew: yes Request ID '20161229151856':<br>
> status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='caSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB',pin set certificate:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='caSigningCert<br>
> cert-pki-ca',token='NSS Certificate DB' CA:<br>
> dogtag-ipa-ca-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=Certificate Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a><br>
> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires: 2036-11-22 13:00:25 UTC key<br>
> usage: digitalSignature,nonRepudiatio<wbr>n,keyCertSign,cRLSign pre-save<br>
> command: /usr/libexec/ipa/certmonger/st<wbr>op_pkicad post-save command:<br>
> /usr/libexec/ipa/certmonger/r<wbr>enew_ca_cert "caSigningCert<br>
> cert-pki-ca" track: yes auto-renew: yes Request ID '20161229151858':<br>
> status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='Server-Cert cert-pki-ca',token='NSS<br>
> Certificate DB',pin set certificate:<br>
> type=NSSDB,location='/etc/<wbr>pki/pki-tomcat/alias',<wbr>nickname='Server-Cert cert-pki-ca',token='NSS<br>
> Certificate DB' CA: dogtag-ipa-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=<a href="http://ipa12.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa12.mgmt.crosschx.com</a><br>
> <<a href="http://ipa12.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa12.mgmt.crosschx.c<wbr>om</a>>,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a><br>
> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires: 2018-12-19 15:18:16 UTC key<br>
> usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyEncipherment,dataEnciphe<wbr>rment<br>
> eku: id-kp-serverAuth,id-kp-clientA<wbr>uth,id-kp-emailProtection<br>
> pre-save command: /usr/libexec/ipa/certmonger/st<wbr>op_pkicad post-save<br>
> command: /usr/libexec/ipa/certmonger/re<wbr>new_ca_cert "Server-Cert<br>
> cert-pki-ca" track: yes auto-renew: yes Request ID '20161229152115':<br>
> status: MONITORING stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/htt<wbr>pd/alias',nickname='Server-Cer<wbr>t',token='NSS<br>
> Certificate DB',pinfile='/etc/httpd/alias/<wbr>pwdfile.txt' certificate:<br>
> type=NSSDB,location='/etc/htt<wbr>pd/alias',nickname='Server-Cer<wbr>t',token='NSS<br>
> Certificate DB' CA: IPA issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=<a href="http://ipa12.mgmt.crosschx.com" rel="noreferrer" target="_blank">ipa12.mgmt.crosschx.com</a><br>
> <<a href="http://ipa12.mgmt.crosschx.com" rel="noreferrer" target="_blank">http://ipa12.mgmt.crosschx.c<wbr>om</a>>,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a><br>
> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires: 2018-12-30 15:14:54 UTC key<br>
> usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyEncipherment,dataEnciphe<wbr>rment<br>
> eku: id-kp-serverAuth,id-kp-clientA<wbr>uth pre-save command: post-save<br>
> command: /usr/libexec/ipa/certmonger/re<wbr>start_httpd track: yes<br>
> auto-renew: yes Request ID '20161229152204': status: MONITORING<br>
> stuck: no key pair storage:<br>
> type=NSSDB,location='/etc/htt<wbr>pd/alias',nickname='ipaCert',<wbr>token='NSS<br>
> Certificate DB',pinfile='/etc/httpd/alias/<wbr>pwdfile.txt' certificate:<br>
> type=NSSDB,location='/etc/htt<wbr>pd/alias',nickname='ipaCert',<wbr>token='NSS<br>
> Certificate DB' CA: dogtag-ipa-ca-renew-agent issuer: CN=Certificate<br>
> Authority,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> subject:<br>
> CN=IPA RA,O=<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">MGMT.CROSSCHX.COM</a> <<a href="http://MGMT.CROSSCHX.COM" rel="noreferrer" target="_blank">http://MGMT.CROSSCHX.COM</a>> expires:<br>
> 2018-11-12 13:01:34 UTC key usage:<br>
> digitalSignature,nonRepudiati<wbr>on,keyEncipherment,dataEnciphe<wbr>rment<br>
> eku: id-kp-serverAuth,id-kp-clientA<wbr>uth pre-save command:<br>
> /usr/libexec/ipa/certmonger/r<wbr>enew_ra_cert_pre post-save command:<br>
> /usr/libexec/ipa/certmonger/r<wbr>enew_ra_cert track: yes auto-renew: yes<br>
><br>
><br>
> *Mike Plemmons | Senior DevOps Engineer | CROSSCHX<br>
> *<br>
> 614.427.2411<br>
> <a href="mailto:mike.plemmons@crosschx.com" target="_blank">mike.plemmons@crosschx.com</a> <mailto:<a href="mailto:mike.plemmons@crosschx.com" target="_blank">mike.plemmons@crosschx<wbr>.com</a>><br>
> <a href="http://www.crosschx.com" rel="noreferrer" target="_blank">www.crosschx.com</a> <<a href="http://www.crosschx.com/" rel="noreferrer" target="_blank">http://www.crosschx.com/</a>><br>
><br>
><br>
><br>
><br>
<br>
</blockquote></div><br></div></div>
</blockquote></div><br></div></div>