[Freeipa-users] ipa-getcert list fails to report correctly
Les Stott
Less at imagine-sw.com
Fri Feb 20 05:56:36 UTC 2015
Hi all,
The following is blocking the ability for me to install a CA replica.
Environment:
RHEL 6.6
IPA 3.0.0-42
PKI 9.0.3-38
On the master the following is happening:
ipa-getcert list
Number of certificates and requests being tracked: 5.
(but it shows no certificate details in the output)
Running "getcert list" shows complete output.
Also, when trying to browse https://master.mydomain.com/ca/ee/ca/getCertChain i get a failed response. The apache error logs on the master show....
[Thu Feb 19 23:23:23 2015] [error] SSL Library Error: -12271 SSL client cannot verify your certificate
The reason I am trying to browse that address is because that's what the ipa-ca-install setup is failing at (it complains that the CA certificate is not in proper format, in fact it's not able to get it at all).
I know from another working ipa setup that ....
Browsing to the above address provides valid xml content and ipa-getcert list shows certificate details and not just the number of tracked certificates.
Been trying for a long time to figure out the issues without luck.
I would greatly appreciate any help to troubleshoot and resolve the above issues.
Regards,
Les
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150220/c8959d5d/attachment.htm>
More information about the Freeipa-users
mailing list