[Freeipa-users] IPA Error 4301: Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)

Chris Tobey tobeychris at hotmail.com
Thu Jun 4 19:00:11 UTC 2015


Hi Rob,

Thanks for taking the time to look at this.

I have services in /etc/init.d/ named tomcat6 and pki-cad.

I tried the following:
-
    [Thu Jun 04 14:38:16:/etc/init.d]$ service tomcat6 status
    tomcat6 is stopped                                         [  OK  ]
    [Thu Jun 04 14:38:23:/etc/init.d]$ service tomcat6 start
    Starting tomcat6:                                          [  OK  ]
    [Thu Jun 04 14:38:29:/etc/init.d]$ service tomcat6 status
    tomcat6 (pid 10853) is running...                          [  OK  ]
    [Thu Jun 04 14:38:40:/etc/init.d]$ service pki-cad status
    pki-ca (pid 1793) is running...                            [  OK  ]
        Unsecure Port       = http://chimera.server.com:9180/ca/ee/ca
        Secure Agent Port   = https://chimera.server.com:9443/ca/agent/ca
        Secure EE Port      = https://chimera.server.com:9444/ca/ee/ca
        Secure Admin Port   = https://chimera.server.com:9445/ca/services
        EE Client Auth Port = https://chimera.server.com:9446/ca/eeca/ca
        PKI Console Port    = pkiconsole https://chimera.server.com:9445/ca
        Tomcat Port         = 9701 (for shutdown)

        PKI Instance Name:   pki-ca

        PKI Subsystem Type:  Root CA (Security Domain)

        Registered PKI Security Domain Information:
        ==========================================================================
        Name:  IPA
        URL:   https://chimera.server.com:443
        ==========================================================================
-

After this I am able to create new hosts on my Foreman server!

There are now a few questions:
1. I am not sure why the tomcat6 service was stopped, if it is required to
be running.
2. I am not sure why a reboot of the server did not auto-start tomcat6.
3. When navigating the web GUI for FreeIPA and clicking on a host, I still
see the popup message in the subject of this thread.

I have not yet tried rebooting the FreeIPA (chimera) and Puppet/Foreman
(puppetmaster) servers. When I have some downtime I will try that and
see what happens with regard to questions 2 and 3.

Thanks,
-Chris Tobey

-----Original Message-----
From: Rob Crittenden [mailto:rcritten at redhat.com] 
Sent: June-04-15 10:35 AM
To: Chris Tobey; 'Martin Kosek'; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] IPA Error 4301: Certificate operation cannot be
completed: Unable to communicate with CMS (Not Found)

Apache proxies to dogtag, so a Not Found means that dogtag either isn't
running or its webapp wasn't loaded.

I'd start by restarting pki-tomcatd@pki-tomcat.service and see if that
helps.

Otherwise you'll need to poke around in the debug log in
/var/lib/pki-ca/<something>

rob



