[Freeipa-users] I think I lost my CA...
Bret Wortman
bret.wortman at damascusgrp.com
Wed Apr 26 12:41:54 UTC 2017
Using the firefox debugger, I get these errors when trying to pop up the
New Certificate dialog:
Empty string passed to getElementById(). (5)
jquery.js:4:1060
TypeError: u is undefined app.js:1:362059
Empty string passed to getElementById(). (5)
jquery.js:4:1060
TypeError: t is undefined app.js:1:217432
I'm definitely not a web kind of guy so I'm not sure if this is helpful
or not. This is on 4.4.0, API Version 2.213.
Bret
On 04/26/2017 08:35 AM, Bret Wortman wrote:
>
> Good news. One of my servers _does_ have CA installed. So why does
> "Action -> New Certificate" not do anything on this or any other server?
>
>
> Bret
>
>
> On 04/25/2017 02:52 PM, Bret Wortman wrote:
>>
>> I recently had to upgrade all my Fedora IPA servers to C7. It went
>> well, and we've been up and running nicely on 4.4.0 on C7 for the
>> past month or so.
>>
>> Today, someone came and asked me to generate a new certificate for
>> their web server. All was good until I went to the IPA UI and tried
>> to perform Actions->New Certificate, which did nothing. I tried each
>> of our 3 servers in turn. All came back with no popup window and no
>> error, either.
>>
>> I suspect the problem might be that we no longer have a CA server due
>> to the method I used to upgrade the servers. I likely missed a
>> "--setup-ca" in there somewhere, so my rolling update rolled over the CA.
>>
>> What's my best hope of recovery? I never ran this before, so I'm not
>> sure if this shows that I'm missing a CA or not:
>>
>> # ipa ca-find
>> ------------
>> 1 CA matched
>> ------------
>> Name: ipa
>> Description IPA CA
>> Authority ID: 3ce3346[...]
>> Subject DN: CN=Certificate Authority, O=DAMASCUSGRP.COM
>> Issuer DN: CN=Certificate Authority,O=DAMASCUSGRP.COM
>> ----------------------------
>> Number of entries returned 1
>> ----------------------------
>> # ipa ca-add dg --desc "Damascus Group" --subject "CN=DG CA,
>> O=DAMASCUSGRP.COM"
>> ipa: ERROR: Failed to authenticate to CA REST API
>> # klist
>> Ticket cache: KEYRING:persistent:0:0
>> Default principal: admin at DAMASCUSGRP.COM
>>
>> Valid starting Expires Service principal
>> 04/25/2017 18:48:26 04/26/2017 18:48:21
>> krbtgt/DAMASCUSGRP.COM at DAMASCUSGRP.COM
>> #
>>
>>
>> What's my best path of recovery?
>>
>> --
>> *Bret Wortman*
>> The Damascus Group
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170426/c0fc8373/attachment.htm>
More information about the Freeipa-users
mailing list