[Freeipa-users] Possibly revoked my CA?
Mike K
as23151767 at gmail.com
Tue Sep 27 20:13:01 UTC 2016
We have several IPA servers; recently they got out of sync, and in the
course of fixing things, I think we inadvertently revoked the CA.
When I try to get to ipa01 (the first one we built) in Firefox I get this
error:
An error occurred during a connection to ipa01-reston.xco.qq. Peer's
Certificate has been revoked. Error code: SEC_ERROR_REVOKED_CERTIFICATE
I can log in to 02 & 03 just fine. But when I try to administer anything
certificate-related under the GUI, I get this error:
IPA Error 4301: CertificateOperationError
Certificate operation cannot be completed: Unable to communicate with CMS
(Internal Server Error)
===
2016-09-23T18:53:54Z 7241 MainThread ipa INFO Deleting
schedule 2358-2359 0 from agreement
cn=meToipa01,cn=replica,cn=dc\=xxx\,dc\=xx,cn=mapping tree,cn=config
2016-09-23T18:53:55Z 7241 MainThread ipa INFO Replication
Update in progress: FALSE: status: -1 Incremental update has failed and
requires administrator actionLDAP error: Can't contact LDAP server: start:
0: end: 0
2016-09-27T18:23:10Z 30695 MainThread ipa INFO Getting
ldap service principals for conversion:
(krbprincipalname=ldap/ipa01-xxx at XXX.XX) and
(krbprincipalname=ldap/ipa04.xxx.xx at XXX.XX)
I'm thinking the cert is only revoked on 01, it should be replicated to
02-09. Is there any way to make sure that it doesn't fully replicate
revocation and bring it back to 01? If that's even the problem!
Thanks much,
Mike