Natxo Asenjo wrote:
hi,
On Mon, Sep 12, 2016 at 9:48 PM, Rob Crittenden <[email protected]> wrote:
Natxo Asenjo wrote:
hi,
I can reproduce this every time. Restarting httpd fixes it for a while,
but then it stops working:
$ ipa cert-show 1
ipa: ERROR: cannot connect to 'https://kdc01.unix.domain.tld:443/ca/agent/ca/displayBySerial': (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.
It is very strange that it goes from a working to a non-working state.
I have only two suggestions:
1. Create /etc/ipa/server.conf with a [global] section and
debug=True in it, restart httpd. Your log will be quite a bit more
verbose but given it reproduces so quickly hopefully won't be too
big a deal. That might show something.
2. Try brute force with strace. Finding the right httpd process to
strace can be frustrating but usually there are only 8 and they
rotate so eventually you should get the right one.
Could I send you the log files privately?
Sure.
rob