[Freeipa-users] Replica issue / Certificate Authority
Christophe TREFOIS
christophe.trefois at uni.lu
Wed Jan 4 16:40:16 UTC 2017
To all,
So to recap, if I hit resubmit once, I get a CA_WORKING, if I do it immediately after again, I get a MONITORING, but the “ca-error: Invalid cookie” comes back.
How can I get a valid cookie back?
Thanks for your help,
Christophe
> On 4 Jan 2017, at 14:19, Christophe TREFOIS <christophe.trefois at uni.lu> wrote:
>
> Hi Florence,
>
> I did what you said, and then the status went to CA_WORKING. Then I restart ipa and certmonger and the status went to CA_UNREACHABLE.
> Then i did “resubmit” again and now the status is back to MONITORING, but the cookie error is back.
>
> Any advice?
>
> [root at lums3 ~]# getcert list -n ipaCert
> Number of certificates and requests being tracked: 8.
> Request ID '20161216025136':
> status: MONITORING
> ca-error: Invalid cookie: ''
> stuck: no
> key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
> certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
> CA: dogtag-ipa-ca-renew-agent
> issuer: CN=Certificate Authority,O=UNI.LU
> subject: CN=IPA RA,O=UNI.LU
> expires: 2018-12-16 03:13:48 UTC
> key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
> eku: id-kp-serverAuth,id-kp-clientAuth
> pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre
> post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert
> track: yes
> auto-renew: yes
>
> --
>
> Dr Christophe Trefois, Dipl.-Ing.
> Technical Specialist / Post-Doc
>
> UNIVERSITÉ DU LUXEMBOURG
>
> LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE
> Campus Belval | House of Biomedicine
> 6, avenue du Swing
> L-4367 Belvaux
> T: +352 46 66 44 6124
> F: +352 46 66 44 6949
> http://www.uni.lu/lcsb <http://www.uni.lu/lcsb>
> <https://www.facebook.com/trefex> <https://twitter.com/Trefex> <https://plus.google.com/+ChristopheTrefois/> <https://www.linkedin.com/in/trefoischristophe> <http://skype:Trefex?call>
>
> ----
> This message is confidential and may contain privileged information.
> It is intended for the named recipient only.
> If you receive it in error please notify me and permanently delete the original message and any copies.
> ----
>
>
>
>> On 4 Jan 2017, at 13:49, Florence Blanc-Renaud <flo at redhat.com <mailto:flo at redhat.com>> wrote:
>>
>> getcert resubmit -i <id for ipaCert>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/9c22fd31/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3509 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/9c22fd31/attachment.p7s>
More information about the Freeipa-users
mailing list