Re: [Freeipa-users] Replica issue / Certificate Authority

Wed, 04 Jan 2017 05:24:07 -0800 

Hi Florence,

I did what you said, and then the status went to CA_WORKING. Then I restart ipa 
and certmonger and the status went to CA_UNREACHABLE.
Then i did “resubmit” again and now the status is back to MONITORING, but the 
cookie error is back.

Any advice?

[root@lums3 ~]# getcert list -n ipaCert
Number of certificates and requests being tracked: 8.
Request ID '20161216025136':
        status: MONITORING
        ca-error: Invalid cookie: ''
        stuck: no
        key pair storage: 
type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS 
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
        certificate: 
type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS 
Certificate DB'
        CA: dogtag-ipa-ca-renew-agent
        issuer: CN=Certificate Authority,O=UNI.LU
        subject: CN=IPA RA,O=UNI.LU
        expires: 2018-12-16 03:13:48 UTC
        key usage: 
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre
        post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert
        track: yes
        auto-renew: yes

-- 

Dr Christophe Trefois, Dipl.-Ing.  
Technical Specialist / Post-Doc

UNIVERSITÉ DU LUXEMBOURG

LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE
Campus Belval | House of Biomedicine  
6, avenue du Swing 
L-4367 Belvaux  
T: +352 46 66 44 6124 
F: +352 46 66 44 6949  
http://www.uni.lu/lcsb <http://www.uni.lu/lcsb>
 <https://www.facebook.com/trefex>   <https://twitter.com/Trefex>   
<https://plus.google.com/+ChristopheTrefois/>   
<https://www.linkedin.com/in/trefoischristophe>   <http://skype:Trefex?call>
----
This message is confidential and may contain privileged information. 
It is intended for the named recipient only. 
If you receive it in error please notify me and permanently delete the original 
message and any copies. 
----

  

> On 4 Jan 2017, at 13:49, Florence Blanc-Renaud <[email protected]> wrote:
> 
> getcert resubmit -i <id for ipaCert>

Attachment: smime.p7s
Description: S/MIME cryptographic signature

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to