[Freeipa-users] certificate renewal stuck
Mike LoSapio
mlosapio at palantir.com
Fri Aug 28 23:26:27 UTC 2015
Hey there -
I¹m working a FreeIPA box (ipa-server-3.0.0-42) - Our original PKI ³master²
was nuked a while ago and I have a suspicion that none of the other ³master²
freeipa replicas were ³promoted² (sorry for the over-use of ³ )
So we went ahead and ran through these instructions and are currently in a
weird state:
http://www.freeipa.org/page/IPA_2x_Certificate_Renewal
krb5 won¹t start and the getcert list command is returning CA_UNREACHABLE
krb5kdc: Server error - while fetching master key K/M for realm
status: CA_UNREACHABLE
ca-error: Error setting up ccache for "host" service on client using default
keytab: Cannot contact any KDC for realm
So I don¹t think I can promote another master/replica ?
Thanks,
‹Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150828/bbbbb90d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5032 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150828/bbbbb90d/attachment.p7s>
More information about the Freeipa-users
mailing list