<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mv="http://macVmlSchemaUri" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:-webkit-standard;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle18
{mso-style-type:personal;
font-family:Calibri;
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:Calibri;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body bgcolor="white" lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">And, from the 'ipactl -d --ignore-service-failures restart' we get this:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: stderr=<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: wait_for_open_ports: localhost [8080, 8443] timeout 300<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: Waiting until the CA is running<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: Starting external process<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://ipa.example.com:8443/ca/admin/ca/getStatus'<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: Process finished, return code=4<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: stdout=<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: stderr=--2016-06-10 15:29:38-- https://ipa.example.com:8443/ca/admin/ca/getStatus<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">Resolving ipa.example.com (ipa.example.com)... 10.55.10.31<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">Connecting to ipa.example.com (ipa.example.com)|10.55.10.31|:8443... connected.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">Unable to establish SSL connection.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://ipa.example.com:8443/ca/admin/ca/getStatus''
returned non-zero exit status 4<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: Waiting for CA to start...<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: Starting external process<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://ipa.example.com:8443/ca/admin/ca/getStatus'<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: Process finished, return code=4<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: stdout=<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: stderr=--2016-06-10 15:29:43-- https://ipa.example.com:8443/ca/admin/ca/getStatus<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">Resolving ipa.example.com (ipa.example.com)... 10.55.10.31<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">Connecting to ipa.example.com (ipa.example.com)|10.55.10.31|:8443... connected.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">Unable to establish SSL connection.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: The CA status is: check interrupted due to error: Command ''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://ipa.example.com:8443/ca/admin/ca/getStatus''
returned non-zero exit status 4<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: Waiting for CA to start...<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: Starting external process<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:Calibri">ipa: DEBUG: args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' 'https://ipa.example.com:8443/ca/admin/ca/getStatus'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Which leads me to believe that tomcat doesn't have the right certificate(s).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal" style="text-autospace:none"><a href="http://www.high5games.com/"><span style="font-size:18.0pt;color:blue;text-decoration:none"><img border="0" width="220" height="50" id="_x0000_i1026" src="cid:image001.jpg@01D1C32D.5D927900"></span></a><span style="font-size:15.0pt;font-family:Calibri"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><span style="font-family:Calibri">Daniel Alex Finkelstein</span></b><span style="font-family:Calibri">| Lead Dev Ops Engineer<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><u><span style="font-family:Calibri;color:blue"><a href="mailto:Dan.Finkelstein@h5g.com"><span style="color:blue">Dan.Finkelstein@h5g.com</span></a></span></u><span style="font-family:Calibri"> | 212.604.3447</span><span style="font-size:15.0pt;font-family:Calibri"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Calibri">One World Trade Center, New York, NY 10007<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Calibri"><a href="http://www.high5games.com/"><span style="color:blue">www.high5games.com</span></a><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Calibri">Play
<a href="https://apps.facebook.com/highfivecasino/"><span style="color:blue">High 5 Casino</span></a> and
<a href="https://apps.facebook.com/shakethesky/"><span style="color:blue">Shake the Sky</span></a><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Calibri">Follow us on: <a href="http://www.facebook.com/high5games"><span style="color:blue">Facebook</span></a>, <a href="https://twitter.com/High5Games"><span style="color:blue">Twitter</span></a>, <a href="http://www.youtube.com/High5Games"><span style="color:blue">YouTube</span></a>, <a href="http://www.linkedin.com/company/1072533?trk=tyah"><span style="color:blue">Linkedin</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:Calibri"><o:p> </o:p></span></i></p>
</div>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:Calibri">This message and any attachments may contain confidential or privileged information and are only for the use of the intended recipient of this message. If you are not the intended recipient,
please notify the sender by return email, and delete or destroy this and all copies of this message and all attachments. Any unauthorized disclosure, use, distribution, or reproduction of this message or any attachments is prohibited and may be unlawful.</span></i><span style="font-size:11.0pt;font-family:Calibri"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-family:Calibri;color:black">From: </span>
</b><span style="font-family:Calibri;color:black"><freeipa-users-bounces@redhat.com> on behalf of Daniel Finkestein <Dan.Finkelstein@high5games.com><br>
<b>Date: </b>Friday, June 10, 2016 at 14:52<br>
<b>To: </b>"freeipa-users@redhat.com" <freeipa-users@redhat.com><br>
<b>Subject: </b>Re: [Freeipa-users] FreeIPA 4.2.0: An error has occurred (IPA Error 4301: CertificateOperationError)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">That’s exactly right, and we got the files and links back to serviceable order. Now we're (merely) facing issues with our restored certificate store, which the pki-tomcatd process is not
happy with. All IPA services start normally except for tomcat, which spits out SSL errors (and we're pretty sure must be related to bad certs… somewhere).</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Error netscape.ldap.LDAPException: IO Error creating JSS SSL Socket (-1)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Internal Database Error encountered: Could not connect to LDAP server host ipa.example.com port 636 Error netscape.ldap.LDAPException: IO Error creating JSS SSL Socket (-1)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:673)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1107)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1013)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:510)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at com.netscape.certsrv.apps.CMS.init(CMS.java:187)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at com.netscape.certsrv.apps.CMS.start(CMS.java:1601)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at javax.servlet.GenericServlet.init(GenericServlet.java:158)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at java.lang.reflect.Method.invoke(Method.java:606)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:274)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at java.security.AccessController.doPrivileged(Native Method)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at javax.security.auth.Subject.doAsPrivileged(Subject.java:536)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:169)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:123)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1272)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1197)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1087)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5210)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5493)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at java.security.AccessController.doPrivileged(Native Method)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:672)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1862)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at java.util.concurrent.FutureTask.run(FutureTask.java:262)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> at java.lang.Thread.run(Thread.java:745)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">I think we might be willing to toss out the existing certificate store and start anew, which fortunately should preserve the DNS, user, group, etc., data already in LDAP. If we wanted to
create a new trust and self-signed cert for the server, how are those steps different from promoting a replica to a cert-signing master?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Thanks,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Dan</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal" style="text-autospace:none"><a href="http://www.high5games.com/"><span style="font-size:18.0pt;color:blue;text-decoration:none"><img border="0" width="220" height="50" id="_x0000_i1025" src="cid:image002.jpg@01D1C32D.5D927900"></span></a><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><b><span style="font-family:Calibri">Daniel Alex Finkelstein</span></b><span style="font-family:Calibri">| Lead Dev Ops Engineer</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><u><span style="font-family:Calibri;color:blue"><a href="mailto:Dan.Finkelstein@h5g.com"><span style="color:blue">Dan.Finkelstein@h5g.com</span></a></span></u><span style="font-family:Calibri"> | 212.604.3447</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Calibri">One World Trade Center, New York, NY 10007</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Calibri"><a href="http://www.high5games.com/"><span style="color:blue">www.high5games.com</span></a></span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Calibri">Play
<a href="https://apps.facebook.com/highfivecasino/"><span style="color:blue">High 5 Casino</span></a> and
<a href="https://apps.facebook.com/shakethesky/"><span style="color:blue">Shake the Sky</span></a></span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Calibri">Follow us on: <a href="http://www.facebook.com/high5games"><span style="color:blue">Facebook</span></a>, <a href="https://twitter.com/High5Games"><span style="color:blue">Twitter</span></a>, <a href="http://www.youtube.com/High5Games"><span style="color:blue">YouTube</span></a>, <a href="http://www.linkedin.com/company/1072533?trk=tyah"><span style="color:blue">Linkedin</span></a></span><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:Calibri"> </span></i><o:p></o:p></p>
</div>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:Calibri">This message and any attachments may contain confidential or privileged information and are only for the use of the intended recipient of this message. If you are not the intended recipient,
please notify the sender by return email, and delete or destroy this and all copies of this message and all attachments. Any unauthorized disclosure, use, distribution, or reproduction of this message or any attachments is prohibited and may be unlawful.</span></i><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"> </span><o:p></o:p></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-family:Calibri;color:black">From: </span>
</b><span style="font-family:Calibri;color:black">Rob Crittenden <rcritten@redhat.com><br>
<b>Date: </b>Friday, June 10, 2016 at 14:48<br>
<b>To: </b>Daniel Finkestein <Dan.Finkelstein@high5games.com>, "freeipa-users@redhat.com" <freeipa-users@redhat.com><br>
<b>Subject: </b>Re: [Freeipa-users] FreeIPA 4.2.0: An error has occurred (IPA Error 4301: CertificateOperationError)</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"-webkit-standard","serif";color:black">I'd reinstall some rpms to properly create these:</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"-webkit-standard","serif";color:black"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"-webkit-standard","serif";color:black">tomcat</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"-webkit-standard","serif";color:black">pki-base</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"-webkit-standard","serif";color:black">pki-server</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"-webkit-standard","serif";color:black"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"-webkit-standard","serif";color:black">I'm not positive it will fix permissions, rpm -V on the same may point<span class="apple-converted-space"> </span></span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"-webkit-standard","serif";color:black">out problems as well.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"-webkit-standard","serif";color:black"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"-webkit-standard","serif";color:black">rob</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</body>
</html>