[Freeipa-users] IPA server having cert issues
Bret Wortman
bret.wortman at damascusgrp.com
Thu Apr 28 14:07:54 UTC 2016
Okay. This morning, I turned back time to 4/1 and started up IPA. It
didn't work, but I got something new and interesting in the debug log,
which I've posted to http://pastebin.com/M9VGCS8A. Lots of garbled junk
came pouring out which doesn't happen when I'm set to real time. Is
/this/ significant?
On 04/27/2016 02:24 PM, Bret Wortman wrote:
> I put excerpts from the ca logs in http://pastebin.com/gYgskU79. It
> looks logical to me, but I can't spot anything that looks like a root
> cause error. The selftests are all okay, I think. The debug log might
> have something, but it might also just be complaining about ldap not
> being up because it's not.
>
>
> On 04/27/2016 01:11 PM, Rob Crittenden wrote:
>> Bret Wortman wrote:
>>> So in lieu of fixing these certs, is there an acceptable way to dump
>>> them all and start over /without losing the contents of the IPA
>>> database/? Or otherwise really screwing ourselves?
>>
>> I don't believe there is a way.
>>
>>> We have a replica that's still up and running and we've switched
>>> everyone over to talking to it, but we're at risk with just the one.
>>
>> I'd ignore the two unknown certs for now. They look like someone was
>> experimenting with issuing a cert and didn't quite get things working.
>>
>> The CA seems to be throwing an error. I'd check the syslog for
>> messages from certmonger and look at the CA debug log and selftest log.
>>
>> rob
>>
> [snip]
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160428/554bef94/attachment.htm>
More information about the Freeipa-users
mailing list