[Freeipa-users] Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)

Rob Crittenden rcritten at redhat.com
Mon May 18 14:05:42 UTC 2015


Sina Owolabi wrote:
> Yes CA is running,  and it's on the same machine.
>
> [root@dc ~]# ipa-replica-prepare dc01.ourdom.com --ip-address 192.168.2.40
>
> Directory Manager (existing master) password:
>
>
> Preparing replica for dc01.ourdom.com from dc.ourdom.com
>
> Creating SSL certificate for the Directory Server
>
> Certificate operation cannot be completed: Unable to communicate with
> CMS (Not Found)
>
> [root@dc ~]# ipactl status
>
> Directory Service: RUNNING
>
> KDC Service: RUNNING
>
> KPASSWD Service: RUNNING
>
> DNS Service: RUNNING
>
> MEMCACHE Service: RUNNING
>
> HTTP Service: RUNNING
>
> CA Service: RUNNING
>
> [root@dc ~]#

This suggests that while the process is running, the CA isn't actually
operational. You'll need to poke through the logs in /var/log/pki* to
see if there are any errors.

I'd also see if the certificates are expired by running `getcert list` 
as root.

rob
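
The `getcert list` check suggested above, as an added example that is not part of the original post: a shell function that reads `getcert list` output and prints every tracked request that is expired or not in the MONITORING state. The function names and the sample output (realm EXAMPLE.TEST, request IDs, dates) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): summarise `getcert list` output.

# Constructed sample in the layout certmonger prints; all values are made up.
sample_getcert_output() {
    cat <<'EOF'
Number of certificates and requests being tracked: 3.
Request ID '20130519130741':
        status: MONITORING
        stuck: no
        subject: CN=CA Subsystem,O=EXAMPLE.TEST
        expires: 2015-05-09 13:07:41 UTC
Request ID '20130519130742':
        status: MONITORING
        stuck: no
        subject: CN=ipa.example.test,O=EXAMPLE.TEST
        expires: 2017-05-19 13:07:42 UTC
Request ID '20130519130743':
        status: CA_UNREACHABLE
        stuck: no
        subject: CN=IPA RA,O=EXAMPLE.TEST
        expires: 2016-05-09 13:07:43 UTC
EOF
}

# check_getcert NOW: read `getcert list` output on stdin; NOW is UTC in
# "YYYY-MM-DD HH:MM:SS" form, which compares correctly as a plain string.
# Prints one line per expired or non-MONITORING request, returns 1 if any.
check_getcert() {
    awk -v now="$1" '
        function report() {
            if (id == "") return
            if (expires != "" && (expires "") <= (now "")) {
                printf "%s EXPIRED %s %s\n", id, expires, subject; bad = 1
            } else if (status != "MONITORING") {
                printf "%s %s %s %s\n", id, status, expires, subject; bad = 1
            }
        }
        /^Request ID / { report(); id = $3; gsub(/[^0-9A-Za-z_-]/, "", id)
                         status = ""; expires = ""; subject = ""; next }
        /^[ \t]*status:/  { status = $2 }
        /^[ \t]*expires:/ { expires = $2 " " $3 }
        /^[ \t]*subject:/ { sub(/^[ \t]*subject:[ \t]*/, ""); subject = $0 }
        END { report(); exit bad + 0 }
    '
}

# Run against the constructed sample, with "now" set to the date of the post.
sample_getcert_output | check_getcert "2015-05-18 14:05:42" || echo "problems found"
```

On a live server the equivalent call, run as root, is `getcert list | check_getcert "$(date -u '+%Y-%m-%d %H:%M:%S')"`.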



