[Freeipa-users] IPA 4.2: pki-tomcatd in terrible shape

Endi Sukma Dewata edewata at redhat.com
Mon Mar 28 15:55:06 UTC 2016


On 3/28/2016 10:00 AM, Rob Crittenden wrote:
> Timothy Geier wrote:
>>> Thanks for the procedure..the good news is this worked quite well in
>>> making sure that 389 didn’t crash immediately after startup.  The bad
>>> news is that the certificates still didn’t renew due to
>>>
>>> Server at "http://master_server:8080/ca/ee/ca/profileSubmit" replied: Profile caServerCert Not Found
>>>
>>> which was the same error in getcert list I saw that one time 389
>>> didn’t crash right away.  At least now this can be further
>>> troubleshooted without worrying about 389.
>>>
>>>
>>
>> To follow up on this issue, we haven’t been able to get any further
>> since last month due to the missing caServerCert profile..the
>> configuration files /usr/share/pki/ca/profiles/ca/caServerCert.cfg
>> and /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCert.cfg are present
>> and are identical.   The pki-ca package
>> passes rpm -V as well.   Are there any other troubleshooting steps we
>> can take?
>
> Maybe Endi or Ade have some ideas why the CA isn't recognizing the profile.
>
> rob
>

Fraser, is it possible the profile is missing from LDAP?

Timothy, could you provide us with the CA debug logs 
(/var/log/pki/pki-tomcat/ca/debug) and CA configuration file 
(/var/lib/pki/pki-tomcat/ca/conf/CS.cfg)?

Thanks!

-- 
Endi S. Dewata



