[Freeipa-users] Replica issue / Certificate Authority

Christophe TREFOIS christophe.trefois at uni.lu
Wed Jan 4 13:19:19 UTC 2017 

Hi Florence,

I did what you said, and then the status went to CA_WORKING. Then I restart ipa and certmonger and the status went to CA_UNREACHABLE.
Then i did “resubmit” again and now the status is back to MONITORING, but the cookie error is back.

Any advice?

[root at lums3 ~]# getcert list -n ipaCert
Number of certificates and requests being tracked: 8.
Request ID '20161216025136':
	status: MONITORING
	ca-error: Invalid cookie: ''
	stuck: no
	key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
	certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
	CA: dogtag-ipa-ca-renew-agent
	issuer: CN=Certificate Authority,O=UNI.LU
	subject: CN=IPA RA,O=UNI.LU
	expires: 2018-12-16 03:13:48 UTC
	key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
	eku: id-kp-serverAuth,id-kp-clientAuth
	pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre
	post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert
	track: yes
	auto-renew: yes

-- 

Dr Christophe Trefois, Dipl.-Ing.  
Technical Specialist / Post-Doc

UNIVERSITÉ DU LUXEMBOURG

LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE
Campus Belval | House of Biomedicine  
6, avenue du Swing 
L-4367 Belvaux  
T: +352 46 66 44 6124 
F: +352 46 66 44 6949  
http://www.uni.lu/lcsb <http://www.uni.lu/lcsb>
 <https://www.facebook.com/trefex>   <https://twitter.com/Trefex>   <https://plus.google.com/+ChristopheTrefois/>   <https://www.linkedin.com/in/trefoischristophe>   <http://skype:Trefex?call>
----
This message is confidential and may contain privileged information. 
It is intended for the named recipient only. 
If you receive it in error please notify me and permanently delete the original message and any copies. 
----

  

> On 4 Jan 2017, at 13:49, Florence Blanc-Renaud <flo at redhat.com> wrote:
> 
> getcert resubmit -i <id for ipaCert>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/5d59004a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3509 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/5d59004a/attachment.p7s>

More information about the Freeipa-users mailing list