Chris Tobey wrote:
Hi Martin,Thank you for the response. Here is what I can see on my FreeIPA server (I replaced my server name with server.com): [Wed Jun 03 10:05:36:..//var/lib/pki-ca]$ ipa cert-show 1 ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (Not Found) [Wed Jun 03 10:05:47:..//var/lib/pki-ca]$ getcert list Number of certificates and requests being tracked: 8. Request ID '20150407214802': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='303912620731' certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-renew-agent issuer: CN=Certificate Authority,O=SERVER.COM subject: CN=CA Audit,O=SERVER.COM expires: 2017-03-27 21:47:14 UTC key usage: digitalSignature,nonRepudiation pre-save command: post-save command: track: yes auto-renew: yes
Apache proxies to dogtag, so a Not Found means that dogtag either isn't running or its webapp wasn't loaded.
I'd start by restarting [email protected] and see if that helps.
Otherwise you'll need to poke around in the debug long in /var/lib/pki-ca/<something>
rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
