[Freeipa-users] IPA Error 4301: CertificateOperationError
Fraser Tweedale
ftweedal at redhat.com
Tue Aug 23 00:23:59 UTC 2016
On Mon, Aug 22, 2016 at 11:52:46PM +0000, Z D wrote:
> Hello,
>
> There is the error on ver 4.2 while viewing certs: "IPA Error
> 4301: CertificateOperationError", next it read " Certificate
> operation cannot be completed: Unable to communicate with CMS
> ([Errno 113] No route to host)".
>
> I suspect you'll be asking for below two commands, here are results.
>
> # ipa cert-show 1
> Certificate: MIIDlzCCAn+gAwIBAgIBATANBgkqhkiG9w0BAQsFADA4MRYwFAYDVQQKDA1VUy5P
> ..shortened ...
> H6S7tS4pT9w77K8=
> Subject: CN=Certificate Authority,O=COMP.COM
> Issuer: CN=Certificate Authority,O=COMP.COM
> Not Before: Wed Aug 17 17:20:41 2016 UTC
> Not After: Sun Aug 17 17:20:41 2036 UTC
> Fingerprint (MD5): 00:a5:2c:2d:ea:c8:27:33:62:35:75:53:12:6a:0d:c1
> Fingerprint (SHA1): d1:58:78:83:31:b8:ad:ae:af:2c:e7:05:44:67:6e:3a:37:8c:00:1a
> Serial number (hex): 0x1
> Serial number: 1
>
> # ipactl restart
> Restarting Directory Service
> Restarting krb5kdc Service
> Restarting kadmin Service
> Restarting named Service
> Restarting ipa_memcached Service
> Restarting httpd Service
> Restarting ipa-otpd Service
> Restarting ipa-dnskeysyncd Service
> ipa: INFO: The ipactl command was successful
>
> Any help is appreciated, thanks
> Zarko
>
"while viewing certs" -> do you mean in the IPA Web UI?
The successful `cert-show' command indicates that the CA is up and
running, but the error message indicates that the host running the
failing action cannot contact the CA. You should check DNS and
firewall settings as a first step.
Thanks,
Fraser
More information about the Freeipa-users
mailing list