[Freeipa-users] CA: IPA certificates not renewing
Marc Wiatrowski
wia at iglass.net
Tue Jun 14 18:07:53 UTC 2016
On Tue, Jun 14, 2016 at 11:22 AM, Rob Crittenden <rcritten at redhat.com>
wrote:
> Marc Wiatrowski wrote:
>
>> Hello, I'm having issues with the 3 ipa certificates of type CA: IPA
>> renewing on 2 of 3 replicas. Particularly on the 2 that are not the CA
>> master. The other 5 certificates from getcert list do renew and all
>> certificates on the CA master do look to renew.
>>
>> Both servers running ipa-server-3.0.0-50.el6.centos.1.x86_64 I've done
>> full updates and rebooted.
>>
>
> Can you check on the replication status for each CA?
>
> $ ipa-csreplica-manage list -v ipa.example.com
>
> The hostname is important because including that will show the agreements
> that host has. Do this for each master with a CA.
>
> The CA being asked to do the renewal is unaware of the current serial
> number so it is refusing to proceed.
>
> rob
>
>
[root at spider01o]$ ipa-csreplica-manage list -v spider01a.iglass.net
Directory Manager password:
spider01b.iglass.net
last init status: None
last init ended: None
last update status: 0 Replica acquired successfully: Incremental update
succeeded
last update ended: 2016-06-14 17:49:16+00:00
spider01o.iglass.net
last init status: None
last init ended: None
last update status: 0 Replica acquired successfully: Incremental update
started
last update ended: 2016-06-14 17:55:20+00:00
[root at spider01o]$ ipa-csreplica-manage list -v spider01o.iglass.net
Directory Manager password:
spider01a.iglass.net
last init status: None
last init ended: None
last update status: 0 Replica acquired successfully: Incremental update
started
last update ended: 2016-06-14 17:57:44+00:00
spider01b.iglass.net
last init status: None
last init ended: None
last update status: 0 Replica acquired successfully: Incremental update
started
last update ended: 2016-06-14 17:57:41+00:00
[root at spider01o]$ ipa-csreplica-manage list -v spider01b.iglass.net
Directory Manager password:
spider01a.iglass.net
last init status: 0 Total update succeeded
last init ended: 2016-06-03 19:43:12+00:00
last update status: 0 Replica acquired successfully: Incremental update
succeeded
last update ended: 2016-06-14 17:44:17+00:00
spider01o.iglass.net
last init status: 0 Total update succeeded
last init ended: 2016-06-03 19:44:38+00:00
last update status: 0 Replica acquired successfully: Incremental update
started
last update ended: 2016-06-14 17:57:53+00:00
spider01a.iglass.net
last init status: None
last init ended: None
last update status: 0 Replica acquired successfully: Incremental update
succeeded
last update ended: 2016-06-14 17:44:13+00:00
spider01o.iglass.net
last init status: None
last init ended: None
last update status: 0 Replica acquired successfully: Incremental update
started
last update ended: 2016-06-14 17:57:54+00:00
Not sure what this is telling... This an issue with the last being
doubled? Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160614/aab79423/attachment.htm>
More information about the Freeipa-users
mailing list