<font size=2 face="sans-serif">Dear Rob,</font>
<br>
<br><font size=2 face="sans-serif">Please find the entire result.</font>
<br>
<br><font size=2 face="sans-serif">-------------------------------------------------------------------------------------------------</font>
<br><font size=2 face="sans-serif">Number of certificates and requests
being tracked: 8.</font>
<br><font size=2 face="sans-serif">Request ID '20140430124246':</font>
<br><font size=2 face="sans-serif">        status:
MONITORING</font>
<br><font size=2 face="sans-serif">        stuck: no</font>
<br><font size=2 face="sans-serif">        key pair
storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB',pin='288949439135'</font>
<br><font size=2 face="sans-serif">        certificate:
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB'</font>
<br><font size=2 face="sans-serif">        CA: dogtag-ipa-renew-agent</font>
<br><font size=2 face="sans-serif">        issuer:
CN=Certificate Authority,O=MYDOMAINNAME.COM</font>
<br><font size=2 face="sans-serif">        subject:
CN=CA Audit,O=MYDOMAINNAME.COM</font>
<br><font size=2 face="sans-serif">        expires:
2016-04-19 12:42:02 UTC</font>
<br><font size=2 face="sans-serif">        key usage:
digitalSignature,nonRepudiation</font>
<br><font size=2 face="sans-serif">        pre-save
command:</font>
<br><font size=2 face="sans-serif">        post-save
command:</font>
<br><font size=2 face="sans-serif">        track: yes</font>
<br><font size=2 face="sans-serif">        auto-renew:
yes</font>
<br><font size=2 face="sans-serif">Request ID '20140430124247':</font>
<br><font size=2 face="sans-serif">        status:
MONITORING</font>
<br><font size=2 face="sans-serif">        stuck: no</font>
<br><font size=2 face="sans-serif">        key pair
storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS Certificate DB',pin='288949439135'</font>
<br><font size=2 face="sans-serif">        certificate:
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS
Certificate DB'</font>
<br><font size=2 face="sans-serif">        CA: dogtag-ipa-renew-agent</font>
<br><font size=2 face="sans-serif">        issuer:
CN=Certificate Authority,O=MYDOMAINNAME.COM</font>
<br><font size=2 face="sans-serif">        subject:
CN=OCSP Subsystem,O=MYDOMAINNAME.COM</font>
<br><font size=2 face="sans-serif">        expires:
2016-04-19 12:42:01 UTC</font>
<br><font size=2 face="sans-serif">        key usage:
digitalSignature,nonRepudiation,keyCertSign,cRLSign</font>
<br><font size=2 face="sans-serif">        eku: id-kp-OCSPSigning</font>
<br><font size=2 face="sans-serif">        pre-save
command:</font>
<br><font size=2 face="sans-serif">        post-save
command:</font>
<br><font size=2 face="sans-serif">        track: yes</font>
<br><font size=2 face="sans-serif">        auto-renew:
yes</font>
<br><font size=2 face="sans-serif">Request ID '20140430124248':</font>
<br><font size=2 face="sans-serif">        status:
MONITORING</font>
<br><font size=2 face="sans-serif">        stuck: no</font>
<br><font size=2 face="sans-serif">        key pair
storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert
cert-pki-ca',token='NSS Certificate DB',pin='288949439135'</font>
<br><font size=2 face="sans-serif">        certificate:
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS
Certificate DB'</font>
<br><font size=2 face="sans-serif">        CA: dogtag-ipa-renew-agent</font>
<br><font size=2 face="sans-serif">        issuer:
CN=Certificate Authority,O=MYDOMAINNAME.COM</font>
<br><font size=2 face="sans-serif">        subject:
CN=CA Subsystem,O=MYDOMAINNAME.COM</font>
<br><font size=2 face="sans-serif">        expires:
2016-04-19 12:42:01 UTC</font>
<br><font size=2 face="sans-serif">        key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment</font>
<br><font size=2 face="sans-serif">        eku: id-kp-serverAuth,id-kp-clientAuth</font>
<br><font size=2 face="sans-serif">        pre-save
command:</font>
<br><font size=2 face="sans-serif">        post-save
command:</font>
<br><font size=2 face="sans-serif">        track: yes</font>
<br><font size=2 face="sans-serif">        auto-renew:
yes</font>
<br><font size=2 face="sans-serif">Request ID '20140430124249':</font>
<br><font size=2 face="sans-serif">        status:
MONITORING</font>
<br><font size=2 face="sans-serif">        stuck: no</font>
<br><font size=2 face="sans-serif">        key pair
storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'</font>
<br><font size=2 face="sans-serif">        certificate:
type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate
DB'</font>
<br><font size=2 face="sans-serif">        CA: dogtag-ipa-renew-agent</font>
<br><font size=2 face="sans-serif">        issuer:
CN=Certificate Authority,O=MYDOMAINNAME.COM</font>
<br><font size=2 face="sans-serif">        subject:
CN=IPA RA,O=MYDOMAINNAME.COM</font>
<br><font size=2 face="sans-serif">        expires:
2016-04-19 12:42:45 UTC</font>
<br><font size=2 face="sans-serif">        key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment</font>
<br><font size=2 face="sans-serif">        eku: id-kp-serverAuth,id-kp-clientAuth</font>
<br><font size=2 face="sans-serif">        pre-save
command:</font>
<br><font size=2 face="sans-serif">        post-save
command:</font>
<br><font size=2 face="sans-serif">        track: yes</font>
<br><font size=2 face="sans-serif">        auto-renew:
yes</font>
<br><font size=2 face="sans-serif">Request ID '20140430124250':</font>
<br><font size=2 face="sans-serif">        status:
MONITORING</font>
<br><font size=2 face="sans-serif">        stuck: no</font>
<br><font size=2 face="sans-serif">        key pair
storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert
cert-pki-ca',token='NSS Certificate DB',pin='288949439135'</font>
<br><font size=2 face="sans-serif">        certificate:
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS
Certificate DB'</font>
<br><font size=2 face="sans-serif">        CA: dogtag-ipa-renew-agent</font>
<br><font size=2 face="sans-serif">        issuer:
CN=Certificate Authority,O=MYDOMAINNAME.COM</font>
<br><font size=2 face="sans-serif">        subject:
CN=ipa.mydomainname.com,O=MYDOMAINNAME.COM</font>
<br><font size=2 face="sans-serif">        expires:
2016-04-19 12:42:01 UTC</font>
<br><font size=2 face="sans-serif">        key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment</font>
<br><font size=2 face="sans-serif">        eku: id-kp-serverAuth</font>
<br><font size=2 face="sans-serif">        pre-save
command:</font>
<br><font size=2 face="sans-serif">        post-save
command:</font>
<br><font size=2 face="sans-serif">        track: yes</font>
<br><font size=2 face="sans-serif">        auto-renew:
yes</font>
<br><font size=2 face="sans-serif">Request ID '20140430124308':</font>
<br><font size=2 face="sans-serif">        status:
MONITORING</font>
<br><font size=2 face="sans-serif">        stuck: no</font>
<br><font size=2 face="sans-serif">        key pair
storage: type=NSSDB,location='/etc/dirsrv/slapd-TCS-MOBILITY-COM',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/dirsrv/slapd-TCS-MOBILITY-COM/pwdfile.txt'</font>
<br><font size=2 face="sans-serif">        certificate:
type=NSSDB,location='/etc/dirsrv/slapd-TCS-MOBILITY-COM',nickname='Server-Cert',token='NSS
Certificate DB'</font>
<br><font size=2 face="sans-serif">        CA: IPA</font>
<br><font size=2 face="sans-serif">        issuer:
CN=Certificate Authority,O=MYDOMAINNAME.COM</font>
<br><font size=2 face="sans-serif">        subject:
CN=ipa.mydomainname.com,O=MYDOMAINNAME.COM</font>
<br><font size=2 face="sans-serif">        expires:
2016-04-30 12:43:07 UTC</font>
<br><font size=2 face="sans-serif">        key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment</font>
<br><font size=2 face="sans-serif">        eku: id-kp-serverAuth,id-kp-clientAuth</font>
<br><font size=2 face="sans-serif">        pre-save
command:</font>
<br><font size=2 face="sans-serif">        post-save
command:</font>
<br><font size=2 face="sans-serif">        track: yes</font>
<br><font size=2 face="sans-serif">        auto-renew:
yes</font>
<br><font size=2 face="sans-serif">Request ID '20140430124352':</font>
<br><font size=2 face="sans-serif">        status:
MONITORING</font>
<br><font size=2 face="sans-serif">        stuck: no</font>
<br><font size=2 face="sans-serif">        key pair
storage: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA/pwdfile.txt'</font>
<br><font size=2 face="sans-serif">        certificate:
type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS
Certificate DB'</font>
<br><font size=2 face="sans-serif">        CA: IPA</font>
<br><font size=2 face="sans-serif">        issuer:
CN=Certificate Authority,O=MYDOMAINNAME.COM</font>
<br><font size=2 face="sans-serif">        subject:
CN=mydomainname.com,O=MYDOMAINNAME.COM</font>
<br><font size=2 face="sans-serif">        expires:
2016-04-30 12:43:51 UTC</font>
<br><font size=2 face="sans-serif">        key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment</font>
<br><font size=2 face="sans-serif">        eku: id-kp-serverAuth,id-kp-clientAuth</font>
<br><font size=2 face="sans-serif">        pre-save
command:</font>
<br><font size=2 face="sans-serif">        post-save
command:</font>
<br><font size=2 face="sans-serif">        track: yes</font>
<br><font size=2 face="sans-serif">        auto-renew:
yes</font>
<br><font size=2 face="sans-serif">Request ID '20140430124456':</font>
<br><font size=2 face="sans-serif">        status:
MONITORING</font>
<br><font size=2 face="sans-serif">        stuck: no</font>
<br><font size=2 face="sans-serif">        key pair
storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'</font>
<br><font size=2 face="sans-serif">        certificate:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB'</font>
<br><font size=2 face="sans-serif">        CA: IPA</font>
<br><font size=2 face="sans-serif">        issuer:
CN=Certificate Authority,O=MYDOMAINNAME.COM</font>
<br><font size=2 face="sans-serif">        subject:
CN=ipa.mydomainname.com,O=MYDOMAINNAME.COM</font>
<br><font size=2 face="sans-serif">        expires:
2016-04-30 12:44:55 UTC</font>
<br><font size=2 face="sans-serif">        key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment</font>
<br><font size=2 face="sans-serif">        eku: id-kp-serverAuth,id-kp-clientAuth</font>
<br><font size=2 face="sans-serif">        pre-save
command:</font>
<br><font size=2 face="sans-serif">        post-save
command:</font>
<br><font size=2 face="sans-serif">        track: yes</font>
<br><font size=2 face="sans-serif">        auto-renew:
yes</font>
<br><font size=2 face="sans-serif">-------------------------------------------------------------------------------------------------<br>
<br>
Regards<br>
Sanju Abraham<br>
</font>
<br>
<br>
<br>
<br><font size=1 color=#5f5f5f face="sans-serif">From:      
 </font><font size=1 face="sans-serif">Rob Crittenden <rcritten@redhat.com></font>
<br><font size=1 color=#5f5f5f face="sans-serif">To:      
 </font><font size=1 face="sans-serif">Sanju A <sanju.a@tcs.com></font>
<br><font size=1 color=#5f5f5f face="sans-serif">Cc:      
 </font><font size=1 face="sans-serif">freeipa-users@redhat.com</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Date:      
 </font><font size=1 face="sans-serif">22-05-2015 18:26</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Subject:    
   </font><font size=1 face="sans-serif">Re: [Freeipa-users]
Certificate operation cannot be completed: Unable to communicate with CMS
(Not Found)</font>
<br>
<hr noshade>
<br>
<br>
<br><tt><font size=2>Sanju A wrote:<br>
> Dear Rob,<br>
><br>
> The result is from ipa master server.<br>
<br>
Ok, then this can't be the entire output. For a master with a CA there
<br>
should be about 8 certs tracked<br>
<br>
rob<br>
<br>
><br>
><br>
> Regards<br>
> Sanju Abraham<br>
><br>
><br>
><br>
> From: Rob Crittenden <rcritten@redhat.com><br>
> To: Sanju A <sanju.a@tcs.com><br>
> Cc: freeipa-users@redhat.com<br>
> Date: 21-05-2015 19:03<br>
> Subject: Re: [Freeipa-users] Certificate operation cannot be completed:<br>
> Unable to communicate with CMS (Not Found)<br>
> ------------------------------------------------------------------------<br>
><br>
><br>
><br>
> Sanju A wrote:<br>
>  > Dear Rob,<br>
>  ><br>
>  > Please find the result of getcert list.<br>
>  ><br>
>  > Request ID '20140430124456':<br>
>  >          status: MONITORING<br>
>  >          stuck: no<br>
>  >          key pair storage:<br>
>  > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS<br>
>  > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'<br>
>  >          certificate:<br>
>  > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS<br>
>  > Certificate DB'<br>
>  >          CA: IPA<br>
>  >          issuer: CN=Certificate
Authority,O=EXAMPLE.COM<br>
>  >          subject: CN=ipa.tcs-mobility.com,O=EXAMPLE.COM<br>
>  >          expires: 2016-04-30 12:44:55
UTC<br>
>  >          key usage:<br>
>  > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment<br>
>  >          eku: id-kp-serverAuth,id-kp-clientAuth<br>
>  >          pre-save command:<br>
>  >          post-save command:<br>
>  >          track: yes<br>
>  >          auto-renew: yes<br>
><br>
> You need to run getcert list on the IPA master running the CA that
can't<br>
> be contacted, not the host you're trying to delete.<br>
><br>
> rob<br>
><br>
>  ><br>
>  ><br>
>  > Regards<br>
>  > Sanju Abraham<br>
>  ><br>
>  ><br>
>  ><br>
>  ><br>
>  > From: Rob Crittenden <rcritten@redhat.com><br>
>  > To: Sanju A <sanju.a@tcs.com>, freeipa-users@redhat.com<br>
>  > Date: 20-05-2015 19:04<br>
>  > Subject: Re: [Freeipa-users] Certificate operation cannot
be completed:<br>
>  > Unable to communicate with CMS (Not Found)<br>
>  > ------------------------------------------------------------------------<br>
>  ><br>
>  ><br>
>  ><br>
>  > Sanju A wrote:<br>
>  >  > Hi,<br>
>  >  ><br>
>  >  > I am getting the following error while removing
a host.<br>
>  >  ><br>
>  >  > ---------------------------------------<br>
>  >  > Certificate operation cannot be completed: Unable
to communicate with<br>
>  >  > CMS (Not Found)<br>
>  >  > ---------------------------------------<br>
>  ><br>
>  > This usually means that the CA is not serving requestss.
It may be up<br>
>  > and running but that doesn't mean the webapp is working.<br>
>  ><br>
>  > This is often due to expired CA subsystem certificates.
Run getcert list<br>
>  > to check.<br>
>  ><br>
>  > rob<br>
>  ><br>
>  ><br>
>  > =====-----=====-----=====<br>
>  > Notice: The information contained in this e-mail<br>
>  > message and/or attachments to it may contain<br>
>  > confidential or privileged information. If you are<br>
>  > not the intended recipient, any dissemination, use,<br>
>  > review, distribution, printing or copying of the<br>
>  > information contained in this e-mail message<br>
>  > and/or attachments to it are strictly prohibited. If<br>
>  > you have received this communication in error,<br>
>  > please notify us by reply e-mail or telephone and<br>
>  > immediately and permanently delete the message<br>
>  > and any attachments. Thank you<br>
>  ><br>
><br>
><br>
<br>
</font></tt>
<br>