[Freeipa-users] Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)
Rob Crittenden
rcritten at redhat.com
Fri May 22 12:56:44 UTC 2015
Sanju A wrote:
> Dear Rob,
>
> The result is from ipa master server.
Ok, then this can't be the entire output. For a master with a CA there
should be about 8 certs tracked
rob
>
>
> Regards
> Sanju Abraham
>
>
>
> From: Rob Crittenden <rcritten at redhat.com>
> To: Sanju A <sanju.a at tcs.com>
> Cc: freeipa-users at redhat.com
> Date: 21-05-2015 19:03
> Subject: Re: [Freeipa-users] Certificate operation cannot be completed:
> Unable to communicate with CMS (Not Found)
> ------------------------------------------------------------------------
>
>
>
> Sanju A wrote:
> > Dear Rob,
> >
> > Please find the result of getcert list.
> >
> > Request ID '20140430124456':
> > status: MONITORING
> > stuck: no
> > key pair storage:
> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
> > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
> > certificate:
> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
> > Certificate DB'
> > CA: IPA
> > issuer: CN=Certificate Authority,O=EXAMPLE.COM
> > subject: CN=ipa.tcs-mobility.com,O=EXAMPLE.COM
> > expires: 2016-04-30 12:44:55 UTC
> > key usage:
> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
> > eku: id-kp-serverAuth,id-kp-clientAuth
> > pre-save command:
> > post-save command:
> > track: yes
> > auto-renew: yes
>
> You need to run getcert list on the IPA master running the CA that can't
> be contacted, not the host you're trying to delete.
>
> rob
>
> >
> >
> > Regards
> > Sanju Abraham
> >
> >
> >
> >
> > From: Rob Crittenden <rcritten at redhat.com>
> > To: Sanju A <sanju.a at tcs.com>, freeipa-users at redhat.com
> > Date: 20-05-2015 19:04
> > Subject: Re: [Freeipa-users] Certificate operation cannot be completed:
> > Unable to communicate with CMS (Not Found)
> > ------------------------------------------------------------------------
> >
> >
> >
> > Sanju A wrote:
> > > Hi,
> > >
> > > I am getting the following error while removing a host.
> > >
> > > ---------------------------------------
> > > Certificate operation cannot be completed: Unable to communicate with
> > > CMS (Not Found)
> > > ---------------------------------------
> >
> > This usually means that the CA is not serving requestss. It may be up
> > and running but that doesn't mean the webapp is working.
> >
> > This is often due to expired CA subsystem certificates. Run getcert list
> > to check.
> >
> > rob
> >
> >
> > =====-----=====-----=====
> > Notice: The information contained in this e-mail
> > message and/or attachments to it may contain
> > confidential or privileged information. If you are
> > not the intended recipient, any dissemination, use,
> > review, distribution, printing or copying of the
> > information contained in this e-mail message
> > and/or attachments to it are strictly prohibited. If
> > you have received this communication in error,
> > please notify us by reply e-mail or telephone and
> > immediately and permanently delete the message
> > and any attachments. Thank you
> >
>
>
More information about the Freeipa-users
mailing list