[Freeipa-users] Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)

Rob Crittenden rcritten at redhat.com
Fri May 22 12:56:44 UTC 2015 

Sanju A wrote:
> Dear Rob,
>
> The result is from ipa master server.

Ok, then this can't be the entire output. For a master with a CA there 
should be about 8 certs tracked

rob

>
>
> Regards
> Sanju Abraham
>
>
>
> From: Rob Crittenden <rcritten at redhat.com>
> To: Sanju A <sanju.a at tcs.com>
> Cc: freeipa-users at redhat.com
> Date: 21-05-2015 19:03
> Subject: Re: [Freeipa-users] Certificate operation cannot be completed:
> Unable to communicate with CMS (Not Found)
> ------------------------------------------------------------------------
>
>
>
> Sanju A wrote:
>  > Dear Rob,
>  >
>  > Please find the result of getcert list.
>  >
>  > Request ID '20140430124456':
>  >          status: MONITORING
>  >          stuck: no
>  >          key pair storage:
>  > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
>  > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>  >          certificate:
>  > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
>  > Certificate DB'
>  >          CA: IPA
>  >          issuer: CN=Certificate Authority,O=EXAMPLE.COM
>  >          subject: CN=ipa.tcs-mobility.com,O=EXAMPLE.COM
>  >          expires: 2016-04-30 12:44:55 UTC
>  >          key usage:
>  > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>  >          eku: id-kp-serverAuth,id-kp-clientAuth
>  >          pre-save command:
>  >          post-save command:
>  >          track: yes
>  >          auto-renew: yes
>
> You need to run getcert list on the IPA master running the CA that can't
> be contacted, not the host you're trying to delete.
>
> rob
>
>  >
>  >
>  > Regards
>  > Sanju Abraham
>  >
>  >
>  >
>  >
>  > From: Rob Crittenden <rcritten at redhat.com>
>  > To: Sanju A <sanju.a at tcs.com>, freeipa-users at redhat.com
>  > Date: 20-05-2015 19:04
>  > Subject: Re: [Freeipa-users] Certificate operation cannot be completed:
>  > Unable to communicate with CMS (Not Found)
>  > ------------------------------------------------------------------------
>  >
>  >
>  >
>  > Sanju A wrote:
>  >  > Hi,
>  >  >
>  >  > I am getting the following error while removing a host.
>  >  >
>  >  > ---------------------------------------
>  >  > Certificate operation cannot be completed: Unable to communicate with
>  >  > CMS (Not Found)
>  >  > ---------------------------------------
>  >
>  > This usually means that the CA is not serving requestss. It may be up
>  > and running but that doesn't mean the webapp is working.
>  >
>  > This is often due to expired CA subsystem certificates. Run getcert list
>  > to check.
>  >
>  > rob
>  >
>  >
>  > =====-----=====-----=====
>  > Notice: The information contained in this e-mail
>  > message and/or attachments to it may contain
>  > confidential or privileged information. If you are
>  > not the intended recipient, any dissemination, use,
>  > review, distribution, printing or copying of the
>  > information contained in this e-mail message
>  > and/or attachments to it are strictly prohibited. If
>  > you have received this communication in error,
>  > please notify us by reply e-mail or telephone and
>  > immediately and permanently delete the message
>  > and any attachments. Thank you
>  >
>
>

More information about the Freeipa-users mailing list