[Freeipa-users] Impossible to renew certificate. pki-tomcat issue
Bertrand Rétif
bretif at phosphore.eu
Tue Oct 18 21:22:28 UTC 2016
Hello,
I had an issue with pki-tomcat.
I had serveral certificate that was expired and pki-tomcat did not start anymore.
I set the dateon the server before certificate expiration and then pki-tomcat starts properly.
Then I try to resubmit the certificate, but I get below error:
"Profile caServerCert Not Found"
Do you have any idea how I could fix this issue.
Please find below output of commands:
# getcert resubmit -i 20160108170324
# getcert list -i 20160108170324
Number of certificates and requests being tracked: 7.
Request ID '20160108170324':
status: MONITORING
ca-error: Server at "http://sdkipa01.a.skinfra.eu:8080/ca/ee/ca/profileSubmit" replied: Profile caServerCert Not Found
stuck: no
key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=Certificate Authority,O=A.SKINFRA.EU
subject: CN=IPA RA,O=A.SKINFRA.EU
expires: 2016-06-28 15:25:11 UTC
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command: /usr/lib64/ipa/certmonger/renew_ra_cert_pre
post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert
track: yes
auto-renew: yes
Thanksby advance for your help.
Bertrand
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161018/7fe5f753/attachment.htm>
More information about the Freeipa-users
mailing list