<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Thanks Rob, that worked.<div class=""> </div><div class="">Still on the subject of certs, any idea how to solve this error:</div><div class=""> </div><div class=""><span style="color: rgb(34, 34, 34); font-family: 'Liberation Sans', Arial, Sans, sans-serif; font-size: 11px; font-variant-ligatures: normal; orphans: 2; widows: 2; background-color: rgb(249, 249, 249);" class="">Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.</div><div class=""><span style="color: rgb(34, 34, 34); font-family: 'Liberation Sans', Arial, Sans, sans-serif; font-size: 11px; font-variant-ligatures: normal; orphans: 2; widows: 2; background-color: rgb(249, 249, 249);" class=""> </div><div class=""><span style="color: rgb(34, 34, 34); font-family: 'Liberation Sans', Arial, Sans, sans-serif; font-size: 11px; font-variant-ligatures: normal; orphans: 2; widows: 2; background-color: rgb(249, 249, 249);" class="">I see that in the gui when querying hosts as well as from cli when I ipa-show or ipa-find</div><div class=""> </div><div class=""> <div class=""> <div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><table width="550px" bgcolor="#ffffff" border="0" cellpadding="0" cellspacing="0" style="color: rgb(51, 51, 51); font-size: 13.3333px; orphans: 2; widows: 2; font-family: 'Times New Roman';" class=""><tbody class=""><tr height="10" class=""></tr><tr border="0" cellspacing="0" cellpadding="0" class=""><td style="font-family: arial, sans-serif; margin: 0px; padding: 6px 0px 0px; color: rgb(136, 136, 136); width: 550px; border-top-width: 8px; border-top-style: solid; border-top-color: rgb(103, 89, 163);" class=""><table width="100%" border="0" cellspacing="0" cellpadding="0" class=""><tbody class=""><tr class=""><th rowspan="3" style="border-right-width: 1px; border-right-style: solid; border-right-color: rgb(210, 210, 210); padding-right: 1px; width: 90px;" class=""><a href="http://www.placeiq.com/" target="_blank" style="color: rgb(17, 85, 204);" class=""></a><a href="http://www.placeiq.com/" target="_blank" style="color: rgb(17, 85, 204);" class=""></a><a href="http://www.placeiq.com/" target="_blank" style="color: rgb(17, 85, 204);" class=""><img src="https://ci3.googleusercontent.com/proxy/tFn1I-GEOnccUtv8DHHEc49-6g3x3CbuQKzbfl2Z1BObEy0Qz6QebJimpP96TK3Za5MXwXTuwBZaobKp22nYAG3NdxAC0Q=s0-d-e1-ft#https://marketing.placeiq.net/images/placeiq.png" alt="" style="width: 80px;" class=""></a></th><td align="left" style="font-family: sans-serif; margin: 0px; color: rgb(136, 136, 136); line-height: 10px; padding-left: 10px; padding-top: 5px;" class="">Jim Richard</td><th rowspan="3" style="padding-right: 1px; width: 40px; padding-left: 5px;" class=""><a href="https://twitter.com/placeiq" target="_blank" style="color: rgb(17, 85, 204);" class=""></a><a href="https://twitter.com/placeiq" target="_blank" style="color: rgb(17, 85, 204);" class=""></a><a href="https://twitter.com/placeiq" target="_blank" style="color: rgb(17, 85, 204);" class=""><img src="https://ci4.googleusercontent.com/proxy/490PXYv9O6OiIp_DL4vuabJqVn53fMon5xNYZdftCVea9ySR2LcFDHe6Cdntb2G68uDAuA6FgLny8wKWLFWpsrPAt_FtLaE=s0-d-e1-ft#https://marketing.placeiq.net/images/twitter1.png" alt="" style="width: 35px;" class=""></a></th><th rowspan="3" style="padding-right: 1px; width: 40px;" class=""><a href="https://www.facebook.com/PlaceIQ" target="_blank" style="color: rgb(17, 85, 204);" class=""></a><a href="https://www.facebook.com/PlaceIQ" target="_blank" style="color: rgb(17, 85, 204);" class=""><img src="https://ci3.googleusercontent.com/proxy/fztHf1lRKLQYcAxebqfp2PYXCwVap3GobHVIbyp0j3NcuJOY16bUAZBibVOFf-fd1GsiuhrOfYy6dSwhlCwWU8ZUlw9OX5I=s0-d-e1-ft#https://marketing.placeiq.net/images/facebook.png" alt="" style="width: 35px;" class=""></a></th><th rowspan="3" style="padding-right: 1px; width: 40px;" class=""><a href="https://www.linkedin.com/company/placeiq" target="_blank" style="color: rgb(17, 85, 204);" class=""></a><a href="https://www.linkedin.com/company/placeiq" target="_blank" style="color: rgb(17, 85, 204);" class=""><img src="https://ci5.googleusercontent.com/proxy/H26ThD7R6DOqxoLTgzi6k5SMrHoF2Tj44xI_7XlD9KfOIiGwe1WIMc5iQBxUBA9EuIyJMdaRXrhZTOrnkrn8O9Rf1FP9UQU=s0-d-e1-ft#https://marketing.placeiq.net/images/linkedin.png" alt="" style="width: 35px;" class=""></a></th></tr><tr class=""><td align="left" style="font-family: Trebuchet, sans-serif; margin: 0px; font-size: 9px; text-transform: uppercase; font-weight: bold; color: rgb(136, 136, 136); line-height: 10px; padding-left: 10px; padding-top: 7px;" class="">SYSTEM ADMINISTRATOR III</td></tr><tr class=""><td align="left" style="font-family: sans-serif; margin: 0px; color: rgb(136, 136, 136); line-height: 10px; padding-left: 10px; padding-top: 3px;" class="">(646) 338-8905 </td></tr></tbody></table></td></tr></tbody></table><br style="color: rgb(51, 51, 51); font-family: 'Open Sans', sans-serif; font-size: 13.3333px; font-variant-ligatures: normal; line-height: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class=""><a href="http://www.placeiq.com/2015/05/26/placeiq-named-winner-of-prestigious-2015-oracle-data-cloud-activate-award/" target="_blank" style="color: rgb(17, 85, 204); font-family: 'Open Sans', sans-serif; font-size: 13.3333px; font-variant-ligatures: normal; line-height: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class=""></a><a href="http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/" target="_blank" style="color: rgb(17, 85, 204); font-family: 'Open Sans', sans-serif; font-size: 13.3333px; font-variant-ligatures: normal; line-height: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class=""></a><a href="http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/" target="_blank" style="color: rgb(17, 85, 204); font-family: 'Open Sans', sans-serif; font-size: 13.3333px; font-variant-ligatures: normal; line-height: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class=""></a><a href="http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/" target="_blank" style="color: rgb(17, 85, 204); font-family: 'Open Sans', sans-serif; font-size: 13.3333px; font-variant-ligatures: normal; line-height: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class=""></a><a href="http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/" target="_blank" style="color: rgb(17, 85, 204); font-family: 'Open Sans', sans-serif; font-size: 13.3333px; font-variant-ligatures: normal; line-height: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class=""></a><a href="http://placeiq.com/2016/03/08/measuring-addressable-tv-campaigns-is-now-possible/" target="_blank" style="color: rgb(17, 85, 204); font-family: 'Open Sans', sans-serif; font-size: 13.3333px; font-variant-ligatures: normal; line-height: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class=""></a><a href="http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/" target="_blank" style="color: rgb(17, 85, 204); font-family: 'Open Sans', sans-serif; font-size: 13.3333px; font-variant-ligatures: normal; line-height: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class=""></a><a href="http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/" target="_blank" style="color: rgb(17, 85, 204); font-family: 'Open Sans', sans-serif; font-size: 13.3333px; font-variant-ligatures: normal; line-height: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class=""></a><a href="http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/" target="_blank" style="color: rgb(17, 85, 204); font-family: 'Open Sans', sans-serif; font-size: 13.3333px; font-variant-ligatures: normal; line-height: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class=""></a><a href="http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/" target="_blank" style="color: rgb(17, 85, 204); font-family: 'Open Sans', sans-serif; font-size: 13.3333px; font-variant-ligatures: normal; line-height: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class=""></a><a href="http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/" target="_blank" style="color: rgb(17, 85, 204); font-family: 'Open Sans', sans-serif; font-size: 13.3333px; font-variant-ligatures: normal; line-height: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class=""></a><a href="http://pages.placeiq.com/Location-Data-Accuracy-Whitepaper-Download.html?utm_source=Signature&utm_medium=Email&utm_campaign=AccuracyWP" target="_blank" style="color: rgb(17, 85, 204); font-family: 'Open Sans', sans-serif; font-size: 13.3333px; font-variant-ligatures: normal; line-height: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class=""><img src="https://ci4.googleusercontent.com/proxy/Xqk1hkB7_SIclVudOCHTV4jF9HPS8rkm5ra85H3FdxdydnNjbFxrkPYiZpJiyPlJR_2zweGqjJ4dD1Ei6RoSWk09h_iYqQQ2w6KGm9Rp9RvSwhQH2RGkEAq_3Q=s0-d-e1-ft#https://marketing.placeiq.net/images/LocationDataAccuracy-V1.1-01.png" alt="PlaceIQ:Location Data Accuracy" style="float: left;" class=""></a></div> </div> <div><blockquote type="cite" class=""><div class="">On Sep 28, 2016, at 7:44 AM, Rob Crittenden <<a href="mailto:rcritten@redhat.com" class="">rcritten@redhat.com</a>> wrote:</div> <div class=""><div class="">Jim Richard wrote: <blockquote type="cite" class="">I have a master with apparently correct, non expired certs but when I create a new replica master I end up with expired certs. How is this possible, why and of course, how do I fix? </blockquote> I assume you are running IPA v3.0.0? The problem is that the root CA stash isn't updated when a replica file is prepared in that version (fixed in 3.3 IIRC). You can do this manually with something like: # PKCS12Export -d /var/lib/pki-ca/alias -p /root/dbpass -w /root/dmpass -o /root/cacert.p12 where /root/dmpass is a file that contains the Directory Manager password. Then rerun ipa-replica-prepare and things should work. You can look at the certs in /root/cacert.p12 util pk12util to see the change. rob <blockquote type="cite" class=""> first set is the original master and the second is the certs I get on the new replica [root@sso-110:(NYM) nssdb]$ getcert list Number of certificates and requests being tracked: 8. Request ID '20140923213643': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA/pwdfile .txt' certificate: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB' CA: IPA issuer: CN=Certificate Authority,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> subject: CN=<a href="http://sso-110.nym1.placeiq.net" class="">sso-110.nym1.placeiq.net</a> <<a href="http://sso-110.nym1.placeiq.net" class="">http://sso-110.nym1.placeiq.net</a>>,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> expires: 2018-08-28 10:36:04 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv PKI-IPA track: yes auto-renew: yes Request ID '20140923213732': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-renew-agent issuer: CN=Certificate Authority,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> subject: CN=<a href="http://sso-110.nym1.placeiq.net" class="">sso-110.nym1.placeiq.net</a> <<a href="http://sso-110.nym1.placeiq.net" class="">http://sso-110.nym1.placeiq.net</a>>,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> expires: 2018-08-06 10:36:02 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: track: yes auto-renew: yes Request ID '20140923213814': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-PLACEIQ-NET',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-PLACEIQ-NET /pwdfile.txt' certificate: type=NSSDB,location='/etc/dirsrv/slapd-PLACEIQ-NET',nickname='Server-Cert',token='NSS Certificate DB' CA: IPA issuer: CN=Certificate Authority,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> subject: CN=<a href="http://sso-110.nym1.placeiq.net" class="">sso-110.nym1.placeiq.net</a> <<a href="http://sso-110.nym1.placeiq.net" class="">http://sso-110.nym1.placeiq.net</a>>,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> expires: 2018-08-28 10:36:04 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment pre-save command: post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv PLACEIQ-NET track: yes auto-renew: yes Request ID '20140923213856': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB' CA: IPA issuer: CN=Certificate Authority,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> subject: CN=<a href="http://sso-110.nym1.placeiq.net" class="">sso-110.nym1.placeiq.net</a> <<a href="http://sso-110.nym1.placeiq.net" class="">http://sso-110.nym1.placeiq.net</a>>,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> expires: 2018-08-28 10:36:04 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: /usr/lib64/ipa/certmonger/restart_httpd track: yes auto-renew: yes Request ID '20160119021025': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-renew-agent issuer: CN=Certificate Authority,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> subject: CN=CA Audit,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> expires: 2017-10-26 04:38:19 UTC key usage: digitalSignature,nonRepudiation pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "auditSigningCert cert-pki-ca" track: yes auto-renew: yes Request ID '20160119021038': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-renew-agent issuer: CN=Certificate Authority,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> subject: CN=OCSP Subsystem,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> expires: 2017-10-26 04:37:19 UTC eku: id-kp-OCSPSigning pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "ocspSigningCert cert-pki-ca" track: yes auto-renew: yes Request ID '20160119021055': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-renew-agent issuer: CN=Certificate Authority,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> subject: CN=CA Subsystem,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> expires: 2017-10-26 04:37:19 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "subsystemCert cert-pki-ca" track: yes auto-renew: yes Request ID '20160119021104': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB' CA: dogtag-ipa-renew-agent issuer: CN=Certificate Authority,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> subject: CN=IPA RA,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> expires: 2017-10-26 04:37:19 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert track: yes auto-renew: yes The new replica: [root@sso-108:(NYM) ~]$ getcert list Number of certificates and requests being tracked: 8. Request ID '20160927191253': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA/pwdfile .txt' certificate: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB' CA: IPA issuer: CN=Certificate Authority,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> subject: CN=<a href="http://sso-108.nym1.placeiq.net" class="">sso-108.nym1.placeiq.net</a> <<a href="http://sso-108.nym1.placeiq.net" class="">http://sso-108.nym1.placeiq.net</a>>,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> expires: 2018-09-28 19:10:33 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv PKI-IPA track: yes auto-renew: yes Request ID '20160927191452': status: CA_WORKING stuck: no key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-retrieve-agent-submit issuer: CN=Certificate Authority,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> subject: CN=CA Audit,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> expires: 2015-12-03 21:57:56 UTC key usage: digitalSignature,nonRepudiation pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad post-save command: /usr/lib64/ipa/certmonger/restart_pkicad "auditSigningCert cert-pki-ca" track: yes auto-renew: yes Request ID '20160927191453': status: CA_WORKING stuck: no key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-retrieve-agent-submit issuer: CN=Certificate Authority,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> subject: CN=OCSP Subsystem,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> expires: 2015-12-03 21:57:56 UTC key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign eku: id-kp-OCSPSigning pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad post-save command: /usr/lib64/ipa/certmonger/restart_pkicad "ocspSigningCert cert-pki-ca" track: yes auto-renew: yes Request ID '20160927191454': status: CA_WORKING stuck: no key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-retrieve-agent-submit issuer: CN=Certificate Authority,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> subject: CN=CA Subsystem,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> expires: 2015-12-03 21:57:56 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad post-save command: /usr/lib64/ipa/certmonger/restart_pkicad "subsystemCert cert-pki-ca" track: yes auto-renew: yes Request ID '20160927191455': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-renew-agent issuer: CN=Certificate Authority,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> subject: CN=<a href="http://sso-108.nym1.placeiq.net" class="">sso-108.nym1.placeiq.net</a> <<a href="http://sso-108.nym1.placeiq.net" class="">http://sso-108.nym1.placeiq.net</a>>,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> expires: 2018-09-17 19:14:36 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth pre-save command: post-save command: track: yes auto-renew: yes Request ID '20160927191540': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-PLACEIQ-NET',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-PLACEIQ-NET /pwdfile.txt' certificate: type=NSSDB,location='/etc/dirsrv/slapd-PLACEIQ-NET',nickname='Server-Cert',token='NSS Certificate DB' CA: IPA issuer: CN=Certificate Authority,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> subject: CN=<a href="http://sso-108.nym1.placeiq.net" class="">sso-108.nym1.placeiq.net</a> <<a href="http://sso-108.nym1.placeiq.net" class="">http://sso-108.nym1.placeiq.net</a>>,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> expires: 2018-09-28 19:10:32 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv PLACEIQ-NET track: yes auto-renew: yes Request ID '20160927192114': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB' CA: IPA issuer: CN=Certificate Authority,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> subject: CN=<a href="http://sso-108.nym1.placeiq.net" class="">sso-108.nym1.placeiq.net</a> <<a href="http://sso-108.nym1.placeiq.net" class="">http://sso-108.nym1.placeiq.net</a>>,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> expires: 2018-09-28 19:10:34 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: /usr/lib64/ipa/certmonger/restart_httpd track: yes auto-renew: yes Request ID '20160927192146': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB' CA: dogtag-ipa-retrieve-agent-submit issuer: CN=Certificate Authority,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> subject: CN=IPA RA,O=<a href="http://placeiq.net" class="">PLACEIQ.NET</a> <<a href="http://placeiq.net" class="">http://placeiq.net</a>> expires: 2017-10-26 04:37:19 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: /usr/lib64/ipa/certmonger/restart_httpd track: yes auto-renew: yes <<a href="http://www.placeiq.com/" class="">http://www.placeiq.com/</a>><<a href="http://www.placeiq.com/" class="">http://www.placeiq.com/</a>><<a href="http://www.placeiq.com/" class="">http://www.placeiq.com/</a>> Jim Richard <<a href="https://twitter.com/placeiq" class="">https://twitter.com/placeiq</a>><<a href="https://twitter.com/placeiq" class="">https://twitter.com/placeiq</a>><<a href="https://twitter.com/placeiq" class="">https://twitter.com/placeiq</a>> <<a href="https://www.facebook.com/PlaceIQ" class="">https://www.facebook.com/PlaceIQ</a>><<a href="https://www.facebook.com/PlaceIQ" class="">https://www.facebook.com/PlaceIQ</a>> <<a href="https://www.linkedin.com/company/placeiq" class="">https://www.linkedin.com/company/placeiq</a>><<a href="https://www.linkedin.com/company/placeiq" class="">https://www.linkedin.com/company/placeiq</a>> SYSTEM ADMINISTRATOR III /(646) 338-8905 / <<a href="http://www.placeiq.com/2015/05/26/placeiq-named-winner-of-prestigious-2015-oracle-data-cloud-activate-award/" class="">http://www.placeiq.com/2015/05/26/placeiq-named-winner-of-prestigious-2015-oracle-data-cloud-activate-award/</a>><<a href="http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/" class="">http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/</a>><<a href="http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/" class="">http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/</a>><<a href="http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/" class="">http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/</a>><<a href="http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/" class="">http://placeiq.com/2015/12/18/accuracy-vs-precision-in-location-data-mma-webinar/</a>><<a href="http://placeiq.com/2016/03/08/measuring-addressable-tv-campaigns-is-now-possible/" class="">http://placeiq.com/2016/03/08/measuring-addressable-tv-campaigns-is-now-possible/</a>><<a href="http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/" class="">http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/</a>><<a href="http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/" class="">http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/</a>><<a href="http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/" class="">http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/</a>><<a href="http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/" class="">http://placeiq.com/2016/04/13/placeiq-joins-the-network-advertising-initiative-nai-as-100th-member/</a>><<a href="http://placeiq.com/2016/04/13/placeiq-joins-the-network-a" class="">http://placeiq.com/2016/04/13/placeiq-joins-the-network-a</a>! </blockquote>dvertising -initiative-nai-as-100th-member/>PlaceIQ:Location <blockquote type="cite" class="">Data Accuracy <<a href="http://pages.placeiq.com/Location-Data-Accuracy-Whitepaper-Download.html?utm_source=Signature&utm_medium=Email&utm_campaign=AccuracyWP" class="">http://pages.placeiq.com/Location-Data-Accuracy-Whitepaper-Download.html?utm_source=Signature&utm_medium=Email&utm_campaign=AccuracyWP</a>> </blockquote> </div></div></blockquote></div> </div></body></html>