[Freeipa-users] Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)

Sanju A sanju.a at tcs.com
Wed May 27 07:09:33 UTC 2015 

Hi Rob,

ipactl status is up and the flag is also in the correct state. However I 
have restarted pki-cad and the issue got fixed.

Thanks for your help in fixing the issue.


Regards
Sanju Abraham




From:   Rob Crittenden <rcritten at redhat.com>
To:     Sanju A <sanju.a at tcs.com>
Cc:     freeipa-users at redhat.com
Date:   22-05-2015 19:05
Subject:        Re: [Freeipa-users] Certificate operation cannot be 
completed: Unable to communicate with CMS (Not Found)



Sanju A wrote:
> Dear Rob,
>
> Please find the entire result.

Ok, the good news is that renewal already took place and it looks like 
everything is a-ok certificate-wise.

First, make sure the CA is up:

# ipactl status

If the CA is down, start it with service pki-cad start.

If the CA is up, the next thing to check are the trust flags:

# certutil -L -d /var/lib/pki-ca/alias

The auditSigningCert should be u,u,Pu

If it isn't, fix it with:

# certutil -M -t u,u,Pu -d /var/lib/pki-ca/alias -n 'auditSigningCert 
cert-pki-ca'

You'll need to restart the CA after changing the trust:

# service pki-cad restart

If the trust is ok and the CA was already up we'd need to see your CA 
logs to try to determine what is going on.

rob


=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150527/5d6b42aa/attachment.htm>

More information about the Freeipa-users mailing list