[Freeipa-users] Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)
Rob Crittenden
rcritten at redhat.com
Fri May 22 13:34:45 UTC 2015
Sanju A wrote:
> Dear Rob,
>
> Please find the entire result.
Ok, the good news is that renewal already took place and it looks like
everything is a-ok certificate-wise.
First, make sure the CA is up:
# ipactl status
If the CA is down, start it with service pki-cad start.
If the CA is up, the next thing to check are the trust flags:
# certutil -L -d /var/lib/pki-ca/alias
The auditSigningCert should be u,u,Pu
If it isn't, fix it with:
# certutil -M -t u,u,Pu -d /var/lib/pki-ca/alias -n 'auditSigningCert
cert-pki-ca'
You'll need to restart the CA after changing the trust:
# service pki-cad restart
If the trust is ok and the CA was already up we'd need to see your CA
logs to try to determine what is going on.
rob
More information about the Freeipa-users
mailing list