Tran Ngoc Duc via FreeIPA-users wrote:
> Hi, I want to upgrade tomcat version from 9.0.62 to 9.0.98 in FreeIPA 4.11.0 - CentOS 9
> 
> [root@aaa~]# yum list installed tomcat*
> Installed Packages
> tomcat.noarch                    1:9.0.62-39.el9    @appstream
> tomcat-el-3.0-api.noarch         1:9.0.62-39.el9    @appstream
> tomcat-jsp-2.3-api.noarch        1:9.0.62-39.el9    @appstream
> tomcat-lib.noarch                1:9.0.62-39.el9    @appstream
> tomcat-servlet-4.0-api.noarch    1:9.0.62-39.el9    @appstream
> 
> [root@aaa ~]# yum list available tomcat*
> Available Packages
> tomcat.noarch                    1:9.0.87-2.el9         appstream
> tomcat-admin-webapps.noarch      1:9.0.87-2.el9         appstream
> tomcat-docs-webapp.noarch        1:9.0.87-2.el9         appstream
> tomcat-el-3.0-api.noarch         1:9.0.87-2.el9         appstream
> tomcat-jsp-2.3-api.noarch        1:9.0.87-2.el9         appstream
> tomcat-lib.noarch                1:9.0.87-2.el9         appstream
> tomcat-servlet-4.0-api.noarch    1:9.0.87-2.el9         appstream
> tomcat-webapps.noarch            1:9.0.87-2.el9         appstream
> tomcatjss.noarch                 8.2.0-0.2.beta1.el9    appstream
> 
> It can't update with yum. So I downloaded tomcat:9.0.98 with the command: "wget https://dlcdn.apache.org/tomcat/tomcat-9/v9.0.98/bin/apache-tomcat-9.0.98.tar.gz".
> I changed the system time to force certificate renewal. Some certificates renewed successfully, but some failed:
> 
> Request ID '20240627032922':
>         status: CA_UNREACHABLE
>         ca-error: Error 7 connecting to http://aaa.bbb.com:8080/ca/ee/ca/profileSubmit: Couldn't connect to server.
>         stuck: no
>         key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin set
>         certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'
>         CA: dogtag-ipa-ca-renew-agent
>         issuer: CN=Certificate Authority,O=BBB.COM
>         subject: CN=aaa.bbb.com,O=BBB.COM
>         issued: 2024-06-27 03:28:19 UTC
>         expires: 2026-06-17 03:28:19 UTC
>         dns: aaa.bbb..com
>         key usage: digitalSignature,keyEncipherment,dataEncipherment
>         eku: id-kp-serverAuth,id-kp-clientAuth
>         profile: caServerCert
>         pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
>         post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert "Server-Cert cert-pki-ca"
>         track: yes
>         auto-renew: yes
> 
> Can someone help me?

Why did you sideload the tomcat package this way?

Did you spin up your own rpm package from the tarball or just untar it?

I'm not sure if any testing has been done with tomcat 9.0.98. Note that
rpm versioning can be misleading as CentOS and RHEL often backport
fixes rather than rebasing.

Why did you change time? Just to see if this would work? Or were certs
already expired? If they are expired why introduce another variable?

What did you change time from and to?

rob
