[Freeipa-users] certmonger question
Martin Kosek
mkosek at redhat.com
Mon Nov 10 15:49:01 UTC 2014
On 11/10/2014 04:17 PM, Natxo Asenjo wrote:
> hi,
>
> is this the right list to post certmonger questions?
It is. Certmonger is part of IPA solution so this list is a good start. CCing
Nalin as he is still the SME for certmonger, he may have some idea.
> Here I see only a developer's list without too much activity:
> https://fedorahosted.org/certmonger/
>
> My question is simple. After upgrading a vm running centos 6.5 to 6.6
> I am seeing this error on reboot in messages:
>
> Nov 10 15:51:31 apachetest03 certmonger: Decoding error on
> "TUlJRG5EQ0NBb1NnQXdJQkFnSUJBVEFOQmdrcWhraUc5dzBCQVFzRkFEQTdNUmt3#012RndZRFZRUUtFeEJWVGtsWUxrbFNTVk5hVDFKSExrNU1NUjR3SEFZRFZRUURFeFZE#012WlhKMGFXWnBZMkYwWlNCQmRYUm9iM0pwZEhrd0hoY05NVEl4TVRBM01qRXlOREUx#012V2hjTk1qQXhNVEEzTWpFeU5ERTFXakE3TVJrd0Z3WURWUVFLRXhCVlRrbFlMa2xT#012U1ZOYVQxSkhMazVNTVI0d0hBWURWUVFERXhWRFpYSjBhV1pwWTJGMFpTQkJkWFJv#012YjNKcGRIa3dnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lC#012QVFDeTJXVnk3UWtIaXVFTlcvemtNZUQ0SUxvcU9ydXVZS3ZiMitycWV1STlpdyt6#012QkJ0NTY5WFN4cmdjeWVUcTBHNjNSamJYZ3JBem90NEVoWWc2TW9lcERWQ24wQm51#012clVmZ2JDZjVSMEVib2lnamJvaDVNR25QeWxIZWZMUkdBUk5VQ3djVEdBNHVSOVpR#012TC9yRVVxV2t0bVpqYW5ZRXZPUDhVQmV1cTVXUDVlbWFYOFUwM1N6TUErY1FUOXcv#012engwZUFPWWdaVzV5eDNhQTVRNEZ1OHFXcU1HR0FPQTZ5RFFXcW1JcGd4aUZISFJh#012N2hRSzRBamVIZ3ZhQ29sYVU5NzlMaDVqQXYvWHdyWXRvazFHK1VWRXA0NUlOcGZ4#012cjVkTGUwM29nblBGUFowL3h3YkJxdHQvMnFuNnJrNEw0dWtINFA5ZzRSdzBvN1Ux#012eUpWeC9TT0pBZ01CQUFHamdhb3dnYWN3SHdZRFZSMGpCQmd3Rm9BVW81ZmtpaTY0#012eno3cU0vSzhrOVlqM3FtRU5tZ3dEd1lEVl!
Iw!
> VEFRSC9CQVV3QXdFQi96QU9CZ05W#012SFE4QkFmOEVCQU1DQWNZd0hRWURWUjBPQkJZRUZLT1g1SW91dU04KzZqUHl2SlBX#012STk2cGhEWm9NRVFHQ0NzR0FRVUZCd0VCQkRnd05qQTBCZ2dyQmdFRkJRY3dBWVlv#012YUhSMGNEb3ZMMnRrWXpBeExuVnVhWGd1YVhKcGMzcHZjbWN1Ym13Nk9EQXZZMkV2#012YjJOemNEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFKMjhnZG96ZC9wdE9NNVBU#012S0t3eVYrb3RPL3drM3lFcnNseHBOVWhSWmdTTlV3VCt0NnRmRi9qK2pKUlY1c1gr#012ankwOWM5RG8rcDNIeTlnUm5JVkpPTkRTY3ZNVjluRGM3NUM2SkdYVStGZE5KSitE#012YnBlcC9Sc1FqSHJaK3Vud0l5QVdvT3BCb2w4c0d6TjV0WGJlby9NNm1HRnhhQlRI#012MUdLdGd2NENLYnpRQW90dk1hR3h6S2pTY0hSc0dhZXJOU0NacC85MHlSSnlwQzNN#012T29zVUZjRmw0Q29ZSEI0MlhEVHpqdnpaUWNhRk5jZ1lYT2NpdWp3d1lITnpzU3FZ#012Y0lLRlNXdVd2TisrN2c0eXhRTWx1OFFXME1zL1BudG1UbU8yY0RkTkkxdHVqVnlC#012S2U1OTl5NE8vRXMvTUJHdER0VkE4NUFMa3NKT1UyN2JqdHZiQmc9PQ==#012"
> (1240 bytes)!
>
> The certmonger service keeps stopping (nothing logged), I notice when running:
>
> $ sudo getcert list
> Please verify that the certmonger service has been started.
>
> This I got right after restarting it and getting a right result, with
> about 5 minutes in between. Now it's done i again:
>
>
> ]$ sudo getcert list
> Number of certificates and requests being tracked: 1.
> Request ID '20140410142412':
> status: MONITORING
> stuck: no
> key pair storage:
> type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate
> - apachetest03.domain.tld',token='NSS Certificate DB'
> certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA
> Machine Certificate - apachetest03.domain.tld',token='NSS Certificate
> DB'
> CA: IPA
> issuer: CN=Certificate Authority,O=DOMAIN.TLD
> subject: CN=apachetest03.domain.tld,O=DOMAIN.TLD
> expires: 2016-04-10 14:24:15 UTC
> key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
> eku: id-kp-serverAuth,id-kp-clientAuth
> pre-save command:
> post-save command:
> track: yes
> auto-renew: yes
> ]$ sudo getcert list
> Please verify that the certmonger service has been started.
>
> How can I debug this?
>
> Thanks in advance.
> --
> Groeten,
> natxo
>
More information about the Freeipa-users
mailing list