I tested on another Server, and the renewal of Server Cert for HTTP LAPD was
successful, but the renewal of other PKI related certificates was
unsuccessful.Where do I need to view relevant log information?
#service certmonger restart
root@ipa-ca-65-197:/var/lib/certmonger/requests# getcert list |egrep
'Request|status|expires|ca-error|certificate'
Number of certificates and requests being tracked: 8.
Request ID '20200609161251':
status: CA_UNREACHABLE
ca-error: Error 77 connecting to
https://ipa-ca-65-197.hiido.host.yydevops.com:8443/ca/agent/ca/profileReview:
Problem with the SSL CA cert (path? access rights?).
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB'
expires: 2022-05-30 16:12:29 UTC
Request ID '20200609161252':
status: CA_UNREACHABLE
ca-error: Error 77 connecting to
https://ipa-ca-65-197.hiido.host.yydevops.com:8443/ca/agent/ca/profileReview:
Problem with the SSL CA cert (path? access rights?).
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS Certificate DB'
expires: 2022-05-30 16:12:27 UTC
Request ID '20200609161253':
status: CA_UNREACHABLE
ca-error: Error 77 connecting to
https://ipa-ca-65-197.hiido.host.yydevops.com:8443/ca/agent/ca/profileReview:
Problem with the SSL CA cert (path? access rights?).
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
cert-pki-ca',token='NSS Certificate DB'
expires: 2022-05-30 16:12:27 UTC
Request ID '20200609161254':
status: MONITORING
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
cert-pki-ca',token='NSS Certificate DB'
expires: 2040-06-09 16:12:26 UTC
Request ID '20200609161255':
status: CA_UNREACHABLE
ca-error: Error 77 connecting to
https://ipa-ca-65-197.hiido.host.yydevops.com:8443/ca/agent/ca/profileReview:
Problem with the SSL CA cert (path? access rights?).
certificate:
type=NSSDB,location='/etc/apache2/nssdb',nickname='ipaCert',token='NSS
Certificate DB'
expires: 2022-05-30 16:12:49 UTC
Request ID '20200609161256':
status: CA_UNREACHABLE
ca-error: Error 77 connecting to
https://ipa-ca-65-197.hiido.host.yydevops.com:8443/ca/agent/ca/profileReview:
Problem with the SSL CA cert (path? access rights?).
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert
cert-pki-ca',token='NSS Certificate DB'
expires: 2022-05-30 16:12:27 UTC
Request ID '20200609161317':
status: MONITORING
certificate:
type=NSSDB,location='/etc/dirsrv/slapd-YYDEVOPS-COM',nickname='Server-Cert',token='NSS
Certificate DB'
expires: 2024-05-28 10:45:34 UTC
Request ID '20200609161342':
status: MONITORING
certificate:
type=NSSDB,location='/etc/apache2/nssdb',nickname='Server-Cert',token='NSS
Certificate DB'
expires: 2024-05-28 10:45:24 UTC
root@ipa-ca-65-197:/var/lib/certmonger/requests# date -R
Sat, 28 May 2022 18:51:41 +0800
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
