[Freeipa-users] certmonger question

Natxo Asenjo natxo.asenjo at gmail.com
Mon Nov 10 15:17:49 UTC 2014 

hi,

is this the right list to post certmonger questions?

Here I see only a developer's list without too much activity:
https://fedorahosted.org/certmonger/

My question is simple. After upgrading a vm running centos 6.5 to 6.6
I am seeing this error on reboot in messages:

Nov 10 15:51:31 apachetest03 certmonger: Decoding error on
"TUlJRG5EQ0NBb1NnQXdJQkFnSUJBVEFOQmdrcWhraUc5dzBCQVFzRkFEQTdNUmt3#012RndZRFZRUUtFeEJWVGtsWUxrbFNTVk5hVDFKSExrNU1NUjR3SEFZRFZRUURFeFZE#012WlhKMGFXWnBZMkYwWlNCQmRYUm9iM0pwZEhrd0hoY05NVEl4TVRBM01qRXlOREUx#012V2hjTk1qQXhNVEEzTWpFeU5ERTFXakE3TVJrd0Z3WURWUVFLRXhCVlRrbFlMa2xT#012U1ZOYVQxSkhMazVNTVI0d0hBWURWUVFERXhWRFpYSjBhV1pwWTJGMFpTQkJkWFJv#012YjNKcGRIa3dnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lC#012QVFDeTJXVnk3UWtIaXVFTlcvemtNZUQ0SUxvcU9ydXVZS3ZiMitycWV1STlpdyt6#012QkJ0NTY5WFN4cmdjeWVUcTBHNjNSamJYZ3JBem90NEVoWWc2TW9lcERWQ24wQm51#012clVmZ2JDZjVSMEVib2lnamJvaDVNR25QeWxIZWZMUkdBUk5VQ3djVEdBNHVSOVpR#012TC9yRVVxV2t0bVpqYW5ZRXZPUDhVQmV1cTVXUDVlbWFYOFUwM1N6TUErY1FUOXcv#012engwZUFPWWdaVzV5eDNhQTVRNEZ1OHFXcU1HR0FPQTZ5RFFXcW1JcGd4aUZISFJh#012N2hRSzRBamVIZ3ZhQ29sYVU5NzlMaDVqQXYvWHdyWXRvazFHK1VWRXA0NUlOcGZ4#012cjVkTGUwM29nblBGUFowL3h3YkJxdHQvMnFuNnJrNEw0dWtINFA5ZzRSdzBvN1Ux#012eUpWeC9TT0pBZ01CQUFHamdhb3dnYWN3SHdZRFZSMGpCQmd3Rm9BVW81ZmtpaTY0#012eno3cU0vSzhrOVlqM3FtRU5tZ3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU9CZ05W#012SFE4QkFmOEVCQU1DQWNZd0hRWURWUjBPQkJZRUZLT1g1SW91dU04KzZqUHl2SlBX#012STk2cGhEWm9NRVFHQ0NzR0FRVUZCd0VCQkRnd05qQTBCZ2dyQmdFRkJRY3dBWVlv#012YUhSMGNEb3ZMMnRrWXpBeExuVnVhWGd1YVhKcGMzcHZjbWN1Ym13Nk9EQXZZMkV2#012YjJOemNEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFKMjhnZG96ZC9wdE9NNVBU#012S0t3eVYrb3RPL3drM3lFcnNseHBOVWhSWmdTTlV3VCt0NnRmRi9qK2pKUlY1c1gr#012ankwOWM5RG8rcDNIeTlnUm5JVkpPTkRTY3ZNVjluRGM3NUM2SkdYVStGZE5KSitE#012YnBlcC9Sc1FqSHJaK3Vud0l5QVdvT3BCb2w4c0d6TjV0WGJlby9NNm1HRnhhQlRI#012MUdLdGd2NENLYnpRQW90dk1hR3h6S2pTY0hSc0dhZXJOU0NacC85MHlSSnlwQzNN#012T29zVUZjRmw0Q29ZSEI0MlhEVHpqdnpaUWNhRk5jZ1lYT2NpdWp3d1lITnpzU3FZ#012Y0lLRlNXdVd2TisrN2c0eXhRTWx1OFFXME1zL1BudG1UbU8yY0RkTkkxdHVqVnlC#012S2U1OTl5NE8vRXMvTUJHdER0VkE4NUFMa3NKT1UyN2JqdHZiQmc9PQ==#012"
(1240 bytes)!

The certmonger service keeps stopping (nothing logged), I notice when running:

$ sudo getcert list
Please verify that the certmonger service has been started.

This I got right after restarting it and getting a right result, with
about 5 minutes in between. Now it's done i again:


]$ sudo getcert list
Number of certificates and requests being tracked: 1.
Request ID '20140410142412':
    status: MONITORING
    stuck: no
    key pair storage:
type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate
- apachetest03.domain.tld',token='NSS Certificate DB'
    certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA
Machine Certificate - apachetest03.domain.tld',token='NSS Certificate
DB'
    CA: IPA
    issuer: CN=Certificate Authority,O=DOMAIN.TLD
    subject: CN=apachetest03.domain.tld,O=DOMAIN.TLD
    expires: 2016-04-10 14:24:15 UTC
    key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
    eku: id-kp-serverAuth,id-kp-clientAuth
    pre-save command:
    post-save command:
    track: yes
    auto-renew: yes
]$ sudo getcert list
Please verify that the certmonger service has been started.

How can I debug this?

Thanks in advance.
--
Groeten,
natxo

More information about the Freeipa-users mailing list