junhou he via FreeIPA-users wrote: > Hi , > I opened two windows, one to run ipa cert-show1, one to observe the debug log > [root@wocfreeipa ~]# ipa cert-show 1 > ipa: ERROR: Failed to authenticate to CA REST API > [root@wocfreeipa ~]# ipa cert-show 1 > ipa: ERROR: Failed to authenticate to CA REST API > [root@wocfreeipa ~]# ipa cert-show 1 > ipa: ERROR: Failed to authenticate to CA REST API
So it isn't hitting the CA at all. Check /var/log/httpd/error_log for any details. rob > > [root@wocfreeipa ~]# tail -f /var/log/pki/pki-tomcat/ca/debug.2022-12-13.log > 2022-12-13 11:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: > (certStatus=INVALID) > 2022-12-13 11:13:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: > Updating valid certs to expired > 2022-12-13 11:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching > ou=certificateRepository, ou=ca,o=ipaca > 2022-12-13 11:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: > (certStatus=VALID) > 2022-12-13 11:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: dn: > cn=2,ou=certificateRepository,ou=ca,o=ipaca > 2022-12-13 11:13:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: > Updating revoked certs to expired > 2022-12-13 11:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching > ou=certificateRepository, ou=ca,o=ipaca > 2022-12-13 11:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: > (certStatus=REVOKED) > 2022-12-13 11:18:30 [CRLIssuingPoint-MasterCRL] INFO: LDAPSession: Modifying > LDAP entry cn=MasterCRL,ou=crlIssuingPoints,o=ipaca > 2022-12-13 11:18:31 [Timer-0] INFO: SessionTimer: checking security domain > sessions > 2022-12-13 11:22:35 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-8] INFO: Getting > certificate 0x1 > 2022-12-13 11:22:35 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-8] INFO: LDAPSession: > reading cn=1,ou=certificateRepository, ou=caca > 2022-12-13 11:23:06 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-9] INFO: Getting > certificate 0x1 > 2022-12-13 11:23:06 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-9] INFO: LDAPSession: > reading cn=1,ou=certificateRepository, ou=caca > 2022-12-13 11:23:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: > Updating serial number counter > 2022-12-13 11:23:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: > Checking serial number ranges > 2022-12-13 11:23:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: > Checking request ID ranges > 2022-12-13 11:23:31 [Timer-0] INFO: SessionTimer: checking security domain > sessions > 2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: > Updating cert status > 2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: > Updating invalid certs to valid > 2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching > ou=certificateRepository, ou=ca,o=ipaca > 2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: > (certStatus=INVALID) > 2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: > Updating valid certs to expired > 2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching > ou=certificateRepository, ou=ca,o=ipaca > 2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: > (certStatus=VALID) > 2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: dn: > cn=2,ou=certificateRepository,ou=ca,o=ipaca > 2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: > Updating revoked certs to expired > 2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching > ou=certificateRepository, ou=ca,o=ipaca > 2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: > (certStatus=REVOKED) > > 2022-12-13 11:28:14 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: Getting > certificate 0x1 > 2022-12-13 11:28:14 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: LDAPSession: > reading cn=1,ou=certificateRepository, ou=ca,o=ipaca > > > > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
