[Freeipa-users] ipa-getcert shows error
mohammad sereshki
mohammadsereshki at yahoo.com
Sat Jul 23 19:08:22 UTC 2016
hi
ipactl status result:
---------------------------
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
getcert list result is:
-------------------------
[root at ipasrv ~]# getcert list
Number of certificates and requests being tracked: 8.
Request ID '20140817123522':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'
certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=EXAMPLE.COM
subject: CN=CA Audit,O=EXAMPLE.COM
expires: 2018-06-30 07:57:06 UTC
pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "auditSigningCert cert-pki-ca"
track: yes
auto-renew: yes
Request ID '20140817123523':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'
certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=EXAMPLE.COM
subject: CN=OCSP Subsystem,O=EXAMPLE.COM
expires: 2018-06-30 07:56:06 UTC
eku: id-kp-OCSPSigning
pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "ocspSigningCert cert-pki-ca"
track: yes
auto-renew: yes
Request ID '20140817123524':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'
certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=EXAMPLE.COM
subject: CN=CA Subsystem,O=EXAMPLE.COM
expires: 2018-06-30 07:56:06 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "subsystemCert cert-pki-ca"
track: yes
auto-renew: yes
Request ID '20140817123525':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=EXAMPLE.COM
subject: CN=IPA RA,O=EXAMPLE.COM
expires: 2018-06-30 07:56:06 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert
track: yes
auto-renew: yes
Request ID '20140817123526':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'
certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=EXAMPLE.COM
subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM
expires: 2018-06-30 07:56:06 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
Request ID '20140817123534':
status: MONITORING
ca-error: Error setting up ccache for local "host" service using default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.
stuck: no
key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-EXAMPLE-COM/pwdfile.txt'
certificate: type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=EXAMPLE.COM
subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM
expires: 2016-08-17 12:35:34 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv EXAMPLE-COM
track: yes
auto-renew: yes
Request ID '20140817123602':
status: MONITORING
ca-error: Error setting up ccache for local "host" service using default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.
stuck: no
key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA/pwdfile.txt'
certificate: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=EXAMPLE.COM
subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM
expires: 2016-08-17 12:36:02 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv PKI-IPA
track: yes
auto-renew: yes
Request ID '20140817123752':
status: MONITORING
ca-error: Error setting up ccache for local "host" service using default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.
stuck: no
key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=EXAMPLE.COM
subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM
expires: 2016-08-17 12:37:51 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/lib64/ipa/certmonger/restart_httpd
track: yes
auto-renew: yes
From: Rob Crittenden <rcritten at redhat.com>
To: mohammad sereshki <mohammadsereshki at yahoo.com>; Freeipa-users <freeipa-users at redhat.com>
Sent: Saturday, July 23, 2016 11:30 PM
Subject: Re: [Freeipa-users] ipa-getcert shows error
mohammad sereshki wrote:
> hi
>
> I get below error
> ca-error: Error setting up ccache for local "host" service using default
> keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.
I'm guessing IPA is not running, or not completely running. ipactl
status will tell you.
> when I run ipa-getcert list, also how can I check my CAs are renewed or not?
Use just getcert and not ipa-getcert (ipa-getcert returns just a subset
of all certificates being tracked).
rob
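
An added example, not part of the original thread and not code from certmonger or FreeIPA: a small Python parser for `getcert list` output that reports which tracked requests carry a `ca-error` or are close to expiry, one way to check whether renewals are happening. The sample text is constructed from the fields shown in the post, and the function names and the 28-day warning window are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the `getcert list` layout shown in the post (abridged).
SAMPLE = """\
Number of certificates and requests being tracked: 2.
Request ID '20140817123525':
    status: MONITORING
    stuck: no
    CA: dogtag-ipa-renew-agent
    subject: CN=IPA RA,O=EXAMPLE.COM
    expires: 2018-06-30 07:56:06 UTC
Request ID '20140817123752':
    status: MONITORING
    ca-error: Error setting up ccache for local "host" service using default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.
    stuck: no
    CA: IPA
    subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM
    expires: 2016-08-17 12:37:51 UTC
"""

def parse_getcert(text):
    """Split `getcert list` output into one dict of fields per request."""
    requests, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Request ID '([^']+)':$", line)
        if m:
            cur = {"id": m.group(1)}
            requests.append(cur)
        elif cur is not None and ": " in line:  # fields with no value are skipped
            key, value = line.split(": ", 1)
            cur[key] = value
    return requests

def needs_attention(requests, now, warn_days=28):
    """Return (id, reasons) for requests with a ca-error or a near expiry."""
    flagged = []
    for r in requests:
        reasons = ["ca-error"] if "ca-error" in r else []
        if "expires" in r:
            exp = datetime.strptime(r["expires"], "%Y-%m-%d %H:%M:%S UTC")
            days = (exp.replace(tzinfo=timezone.utc) - now).days
            if days < warn_days:
                reasons.append(f"expires in {days} days")
        if reasons:
            flagged.append((r["id"], reasons))
    return flagged
```

On a live server the input would be the captured output of `getcert list`, with `now` set to the current UTC time.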