[Freeipa-users] replica added, but clients still try renewing certificates with old master

Petr Vobornik pvoborni at redhat.com
Fri Sep 23 07:29:12 UTC 2016


On 09/21/2016 05:06 PM, Natxo Asenjo wrote:
> hi Petr,
> 
> On Wed, Sep 21, 2016 at 4:38 PM, Petr Vobornik <pvoborni at redhat.com> wrote:
> 
>     On 09/21/2016 10:50 AM, Natxo Asenjo wrote:
> 
>     > When I try to resubmit certificates from certmonger they still hit the kdc01 web
>     > server, so the requests hang on a status: CA_UNREACHABLE
>     >      ca-error: Server failed request, will retry: 4301 (RPC failed at server.
>     > Certificate operation cannot be completed: Failure decoding Certificate Signing
>     > Request).
> 
>     Where does it happen? On an arbitrary client which was installed in the past
>     against the removed kdc01?
> 
> 
> yes.
> 
> 
>     If so, could you look into /etc/ipa/default.conf and change the host option
>     from kdc01 to the 7.2 IPA server?
> 
> 
> ok, done.
> 
> In fact, changing both the domain and the xmlrpc_uri directives in the global 
> section was necessary. Now it worked :-)
> 
> So, what should be the correct value for dns discovery for both directives using 
> dns discovery?

I don't think there is support for DNS discovery in Certmonger. CCing Rob.

> 
> thanks!
> --
> Groeten,
> natxo
> 


-- 
Petr Vobornik
