Hi, I want to upgrade tomcat version from 9.0.62 to 9.0.98 in FreeIPA 4.11.0 -
CentOS 9
[root@aaa~]# yum list installed tomcat*
Installed Packages
tomcat.noarch
1:9.0.62-39.el9
@appstream
tomcat-el-3.0-api.noarch
1:9.0.62-39.el9
@appstream
tomcat-jsp-2.3-api.noarch
1:9.0.62-39.el9
@appstream
tomcat-lib.noarch
1:9.0.62-39.el9
@appstream
tomcat-servlet-4.0-api.noarch
1:9.0.62-39.el9
@appstream
[root@aaa ~]# yum list available tomcat*
Available Packages
tomcat.noarch
1:9.0.87-2.el9
appstream
tomcat-admin-webapps.noarch
1:9.0.87-2.el9
appstream
tomcat-docs-webapp.noarch
1:9.0.87-2.el9
appstream
tomcat-el-3.0-api.noarch
1:9.0.87-2.el9
appstream
tomcat-jsp-2.3-api.noarch
1:9.0.87-2.el9
appstream
tomcat-lib.noarch
1:9.0.87-2.el9
appstream
tomcat-servlet-4.0-api.noarch
1:9.0.87-2.el9
appstream
tomcat-webapps.noarch
1:9.0.87-2.el9
appstream
tomcatjss.noarch
8.2.0-0.2.beta1.el9
appstream
It can't not update with yum. So I download tomcat:9.0.98 with command: "wget
https://dlcdn.apache.org/tomcat/tomcat-9/v9.0.98/bin/apache-tomcat-9.0.98.tar.gz";
I changed time system to force certificates renewal. Some certificates renew
successfully, but some are failed:
Request ID '20240627032922':
status: CA_UNREACHABLE
ca-error: Error 7 connecting to
http://aaa.bbb.com:8080/ca/ee/ca/profileSubmit: Couldn't connect to server.
stuck: no
key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert
cert-pki-ca',token='NSS Certificate DB',pin set
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert
cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=Certificate Authority,O=BBB.COM
subject: CN=aaa.bbb.com,O=BBB.COM
issued: 2024-06-27 03:28:19 UTC
expires: 2026-06-17 03:28:19 UTC
dns: aaa.bbb..com
key usage: digitalSignature,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
profile: caServerCert
pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
"Server-Cert cert-pki-ca"
track: yes
auto-renew: yes
Can someone help me ?
Thanks a lot.
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
