[Freeipa-users] Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)
Sanju A
sanju.a at tcs.com
Fri May 22 13:16:48 UTC 2015
Dear Rob,
Please find the entire result.
-------------------------------------------------------------------------------------------------
Number of certificates and requests being tracked: 8.
Request ID '20140430124246':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB',pin='288949439135'
certificate:
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=MYDOMAINNAME.COM
subject: CN=CA Audit,O=MYDOMAINNAME.COM
expires: 2016-04-19 12:42:02 UTC
key usage: digitalSignature,nonRepudiation
pre-save command:
post-save command:
track: yes
auto-renew: yes
Request ID '20140430124247':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS Certificate DB',pin='288949439135'
certificate:
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=MYDOMAINNAME.COM
subject: CN=OCSP Subsystem,O=MYDOMAINNAME.COM
expires: 2016-04-19 12:42:01 UTC
key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
eku: id-kp-OCSPSigning
pre-save command:
post-save command:
track: yes
auto-renew: yes
Request ID '20140430124248':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert
cert-pki-ca',token='NSS Certificate DB',pin='288949439135'
certificate:
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert
cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=MYDOMAINNAME.COM
subject: CN=CA Subsystem,O=MYDOMAINNAME.COM
expires: 2016-04-19 12:42:01 UTC
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
Request ID '20140430124249':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate:
type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=MYDOMAINNAME.COM
subject: CN=IPA RA,O=MYDOMAINNAME.COM
expires: 2016-04-19 12:42:45 UTC
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
Request ID '20140430124250':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert
cert-pki-ca',token='NSS Certificate DB',pin='288949439135'
certificate:
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert
cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=MYDOMAINNAME.COM
subject: CN=ipa.mydomainname.com,O=MYDOMAINNAME.COM
expires: 2016-04-19 12:42:01 UTC
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
Request ID '20140430124308':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/dirsrv/slapd-TCS-MOBILITY-COM',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/dirsrv/slapd-TCS-MOBILITY-COM/pwdfile.txt'
certificate:
type=NSSDB,location='/etc/dirsrv/slapd-TCS-MOBILITY-COM',nickname='Server-Cert',token='NSS
Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=MYDOMAINNAME.COM
subject: CN=ipa.mydomainname.com,O=MYDOMAINNAME.COM
expires: 2016-04-30 12:43:07 UTC
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
Request ID '20140430124352':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA/pwdfile.txt'
certificate:
type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS
Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=MYDOMAINNAME.COM
subject: CN=mydomainname.com,O=MYDOMAINNAME.COM
expires: 2016-04-30 12:43:51 UTC
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
Request ID '20140430124456':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=MYDOMAINNAME.COM
subject: CN=ipa.mydomainname.com,O=MYDOMAINNAME.COM
expires: 2016-04-30 12:44:55 UTC
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
-------------------------------------------------------------------------------------------------
Regards
Sanju Abraham
From: Rob Crittenden <rcritten at redhat.com>
To: Sanju A <sanju.a at tcs.com>
Cc: freeipa-users at redhat.com
Date: 22-05-2015 18:26
Subject: Re: [Freeipa-users] Certificate operation cannot be
completed: Unable to communicate with CMS (Not Found)
Sanju A wrote:
> Dear Rob,
>
> The result is from ipa master server.
Ok, then this can't be the entire output. For a master with a CA there
should be about 8 certs tracked
rob
>
>
> Regards
> Sanju Abraham
>
>
>
> From: Rob Crittenden <rcritten at redhat.com>
> To: Sanju A <sanju.a at tcs.com>
> Cc: freeipa-users at redhat.com
> Date: 21-05-2015 19:03
> Subject: Re: [Freeipa-users] Certificate operation cannot be completed:
> Unable to communicate with CMS (Not Found)
> ------------------------------------------------------------------------
>
>
>
> Sanju A wrote:
> > Dear Rob,
> >
> > Please find the result of getcert list.
> >
> > Request ID '20140430124456':
> > status: MONITORING
> > stuck: no
> > key pair storage:
> >
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
> > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
> > certificate:
> >
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
> > Certificate DB'
> > CA: IPA
> > issuer: CN=Certificate Authority,O=EXAMPLE.COM
> > subject: CN=ipa.tcs-mobility.com,O=EXAMPLE.COM
> > expires: 2016-04-30 12:44:55 UTC
> > key usage:
> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
> > eku: id-kp-serverAuth,id-kp-clientAuth
> > pre-save command:
> > post-save command:
> > track: yes
> > auto-renew: yes
>
> You need to run getcert list on the IPA master running the CA that can't
> be contacted, not the host you're trying to delete.
>
> rob
>
> >
> >
> > Regards
> > Sanju Abraham
> >
> >
> >
> >
> > From: Rob Crittenden <rcritten at redhat.com>
> > To: Sanju A <sanju.a at tcs.com>, freeipa-users at redhat.com
> > Date: 20-05-2015 19:04
> > Subject: Re: [Freeipa-users] Certificate operation cannot be
completed:
> > Unable to communicate with CMS (Not Found)
> >
------------------------------------------------------------------------
> >
> >
> >
> > Sanju A wrote:
> > > Hi,
> > >
> > > I am getting the following error while removing a host.
> > >
> > > ---------------------------------------
> > > Certificate operation cannot be completed: Unable to communicate
with
> > > CMS (Not Found)
> > > ---------------------------------------
> >
> > This usually means that the CA is not serving requestss. It may be up
> > and running but that doesn't mean the webapp is working.
> >
> > This is often due to expired CA subsystem certificates. Run getcert
list
> > to check.
> >
> > rob
> >
> >
> > =====-----=====-----=====
> > Notice: The information contained in this e-mail
> > message and/or attachments to it may contain
> > confidential or privileged information. If you are
> > not the intended recipient, any dissemination, use,
> > review, distribution, printing or copying of the
> > information contained in this e-mail message
> > and/or attachments to it are strictly prohibited. If
> > you have received this communication in error,
> > please notify us by reply e-mail or telephone and
> > immediately and permanently delete the message
> > and any attachments. Thank you
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150522/532520cf/attachment.htm>
More information about the Freeipa-users
mailing list