Hi Fraser, at the moment, i can't provide this logfile, i've moved that back to have only new log lines. But a new new logfile is not created ??? In my old logfile i have some lines after switch to basic auth, but before setting time to past:
[07/Aug/2017:14:16:22][localhost-startStop-1]: CMSEngine.shutdown() [07/Aug/2017:14:21:39][localhost-startStop-1]: ============================================ [07/Aug/2017:14:21:39][localhost-startStop-1]: ===== DEBUG SUBSYSTEM INITIALIZED ======= [07/Aug/2017:14:21:39][localhost-startStop-1]: ============================================ [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: restart at autoShutdown? false [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: autoShutdown crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: about to look for cert for auto-shutdown support:auditSigningCert cert-pki-ca [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: found cert:auditSigningCert cert-pki-ca [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: done init id=debug [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: initialized debug [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: initSubsystem id=log [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: ready to init id=log [07/Aug/2017:14:21:39][localhost-startStop-1]: Creating RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/signedAudit/ca_audit) [07/Aug/2017:14:21:39][localhost-startStop-1]: Creating RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/system) [07/Aug/2017:14:21:39][localhost-startStop-1]: Creating RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/transactions) [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: restart at autoShutdown? false [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: autoShutdown crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: about to look for cert for auto-shutdown support:auditSigningCert cert-pki-ca [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: found cert:auditSigningCert cert-pki-ca [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: done init id=log [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: initialized log [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: initSubsystem id=jss [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: ready to init id=jss [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: restart at autoShutdown? false [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: autoShutdown crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: about to look for cert for auto-shutdown support:auditSigningCert cert-pki-ca [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: found cert:auditSigningCert cert-pki-ca [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: done init id=jss [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: initialized jss [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: initSubsystem id=dbs [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: ready to init id=dbs [07/Aug/2017:14:21:39][localhost-startStop-1]: DBSubsystem: init() mEnableSerialMgmt=true [07/Aug/2017:14:21:39][localhost-startStop-1]: Creating LdapBoundConnFactor(DBSubsystem) [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapBoundConnFactory: init [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapBoundConnFactory:doCloning true [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: init() [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: init begins [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: init: prompt is internaldb [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: init: try getting from memory cache [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: init: password not in memory [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: getPasswordFromStore: try to get it from password store [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: getPasswordFromStore: about to get from passwored store: internaldb [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: getPasswordFromStore: password store available [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: getPasswordFromStore: password found for prompt in password store [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: password ok: store in memory cache [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: init ends [07/Aug/2017:14:21:39][localhost-startStop-1]: init: before makeConnection errorIfDown is true [07/Aug/2017:14:21:39][localhost-startStop-1]: makeConnection: errorIfDown true [07/Aug/2017:14:21:39][localhost-startStop-1]: Established LDAP connection using basic authentication to host ipa-prod-01.<domain> port 389 as cn=Directory Manager [07/Aug/2017:14:21:39][localhost-startStop-1]: initializing with mininum 3 and maximum 15 connections to host ipa-prod-01.<domain> port 389, secure connection, false, authentication type 1 [07/Aug/2017:14:21:39][localhost-startStop-1]: increasing minimum connections by 3 [07/Aug/2017:14:21:39][localhost-startStop-1]: new total available connections 3 [07/Aug/2017:14:21:39][localhost-startStop-1]: new number of connections 3 [07/Aug/2017:14:21:39][localhost-startStop-1]: registered: false [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: restart at autoShutdown? false [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: autoShutdown crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: about to look for cert for auto-shutdown support:auditSigningCert cert-pki-ca [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: found cert:auditSigningCert cert-pki-ca [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: done init id=dbs [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: initialized dbs [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: initSubsystem id=usrgrp [07/Aug/2017:14:21:39][localhost-startStop-1]: CMSEngine: ready to init id=usrgrp [07/Aug/2017:14:21:39][localhost-startStop-1]: Creating LdapBoundConnFactor(UGSubsystem) [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapBoundConnFactory: init [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapBoundConnFactory:doCloning true [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: init() [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: init begins [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: init: prompt is internaldb [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: init: try getting from memory cache [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: init: got password from memory [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: init: password found for prompt. [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: password ok: store in memory cache [07/Aug/2017:14:21:39][localhost-startStop-1]: LdapAuthInfo: init ends [07/Aug/2017:14:21:39][localhost-startStop-1]: init: before makeConnection errorIfDown is false [07/Aug/2017:14:21:39][localhost-startStop-1]: makeConnection: errorIfDown false [07/Aug/2017:14:21:39][localhost-startStop-1]: Established LDAP connection using basic authentication to host ipa-prod-01.<domain> port 389 as cn=Directory Manager [07/Aug/2017:14:21:39][localhost-startStop-1]: initializing with mininum 3 and maximum 15 connections to host ipa-prod-01.<domain> port 389, secure connection, false, authentication type 1 ... [07/Aug/2017:14:21:41][localhost-startStop-1]: CertUtils: verifySystemCerts() cert tag=ocsp_signing [07/Aug/2017:14:21:41][localhost-startStop-1]: CertUtils: verifySystemCertByTag(ocsp_signing) [07/Aug/2017:14:21:41][localhost-startStop-1]: CertUtils: verifySystemCertByNickname(ocspSigningCert cert-pki-ca, StatusResponder) [07/Aug/2017:14:21:41][localhost-startStop-1]: CertUtils: verifySystemCertByNickname(): calling verifyCertificate(ocspSigningCert cert-pki-ca, true, StatusResponder) [07/Aug/2017:14:21:41][localhost-startStop-1]: CertUtils: verifySystemCertByNickname() failed: java.lang.Exception: Certificate ocspSigningCert cert-pki-ca is invalid: Invalid certificate: (-8181) Peer's Certifi [07/Aug/2017:14:21:41][localhost-startStop-1]: CertUtils: verifySystemCertsByTag() failed: java.lang.Exception: Certificate ocspSigningCert cert-pki-ca is invalid: Invalid certificate: (-8181) Peer's Certificate [07/Aug/2017:14:21:41][localhost-startStop-1]: SignedAuditEventFactory: create() message created for eventType=CIMC_CERT_VERIFICATION [07/Aug/2017:14:21:41][localhost-startStop-1]: SignedAuditEventFactory: create() message created for eventType=CIMC_CERT_VERIFICATION java.lang.Exception: Certificate ocspSigningCert cert-pki-ca is invalid: Invalid certificate: (-8181) Peer's Certificate has expired. at com.netscape.cmscore.cert.CertUtils.verifySystemCertByNickname(CertUtils.java:844) at com.netscape.cmscore.cert.CertUtils.verifySystemCertByTag(CertUtils.java:936) at com.netscape.cmscore.cert.CertUtils.verifySystemCerts(CertUtils.java:1053) at com.netscape.cmscore.apps.CMSEngine.verifySystemCerts(CMSEngine.java:1803) at com.netscape.certsrv.apps.CMS.verifySystemCerts(CMS.java:1402) at com.netscape.cms.selftests.common.SystemCertsVerification.runSelfTest(SystemCertsVerification.java:193) at com.netscape.cmscore.selftests.SelfTestSubsystem.runSelfTestsAtStartup(SelfTestSubsystem.java:858) at com.netscape.cmscore.selftests.SelfTestSubsystem.startup(SelfTestSubsystem.java:1808) at com.netscape.cmscore.apps.CMSEngine.startupSubsystems(CMSEngine.java:1914) at com.netscape.cmscore.apps.CMSEngine.startup(CMSEngine.java:1355) at com.netscape.certsrv.apps.CMS.startup(CMS.java:200) at com.netscape.certsrv.apps.CMS.start(CMS.java:1617) at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114) at javax.servlet.GenericServlet.init(GenericServlet.java:158) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124) at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.security.cert.CertificateException: Invalid certificate: (-8181) Peer's Certificate has expired. at org.mozilla.jss.CryptoManager.verifyCertificateNowNative(Native Method) at org.mozilla.jss.CryptoManager.verifyCertificate(CryptoManager.java:1554) at com.netscape.cmscore.cert.CertUtils.verifySystemCertByNickname(CertUtils.java:842) ... 44 more [07/Aug/2017:14:21:41][localhost-startStop-1]: SignedAuditEventFactory: create() message created for eventType=SELFTESTS_EXECUTION [07/Aug/2017:14:21:41][localhost-startStop-1]: CMSEngine.shutdown() ... [07/Aug/2017:14:21:42][localhost-startStop-1]: Repository: getSerialNumber() [07/Aug/2017:14:21:42][localhost-startStop-1]: returnConn: mNumConns now 3 Invalid class name repositorytop at com.netscape.cmscore.dbs.DBRegistry.createObject(DBRegistry.java:485) at com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:167) at com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:137) at com.netscape.cmscore.dbs.Repository.getSerialNumber(Repository.java:125) at com.netscape.cmscore.dbs.Repository.initCache(Repository.java:244) at com.netscape.cmscore.dbs.Repository.checkRanges(Repository.java:460) at com.netscape.cmscore.apps.CMSEngine.startup(CMSEngine.java:1371) at com.netscape.certsrv.apps.CMS.startup(CMS.java:200) at com.netscape.certsrv.apps.CMS.start(CMS.java:1617) at com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114) at javax.servlet.GenericServlet.init(GenericServlet.java:158) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124) at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) [07/Aug/2017:14:21:42][localhost-startStop-1]: CMSEngine.shutdown() ... I snipped some (hopefully unrelevant line's), as you can see simple bind works and we have an exception because expired certificates. I stuck in missing debug-file, i don't understand why it is'nt recreated. From my perspective i think, ca is not starting up so no debug file. Michael Am 08.08.2017 um 14:15 schrieb Fraser Tweedale: > On Tue, Aug 08, 2017 at 01:52:40PM +0200, Michael Gusek via FreeIPA-users > wrote: >> Hello, >> >> we run in a problem with expired certificates: >> >>> getcert list (sample show only one expired certificate) >> ... >> Request ID '20170202144747': >> status: MONITORING >> stuck: no >> key pair storage: >> type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS >> Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' >> certificate: >> type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS >> Certificate DB' >> CA: dogtag-ipa-ca-renew-agent >> issuer: CN=Certificate Authority,O=NBG.WEBTREKK.COM >> subject: CN=IPA RA,O=NBG.WEBTREKK.COM >> expires: 2017-07-30 13:37:02 UTC >> key usage: >> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment >> eku: id-kp-serverAuth,id-kp-clientAuth >> pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre >> post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert >> track: yes >> auto-renew: yes >> >> ... >> Request ID '20170202144746': >> status: MONITORING >> stuck: no >> key pair storage: >> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert >> cert-pki-ca',token='NSS Certificate DB',pin set >> certificate: >> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert >> cert-pki-ca',token='NSS Certificate DB' >> CA: dogtag-ipa-ca-renew-agent >> issuer: CN=Certificate Authority,O=NBG.WEBTREKK.COM >> subject: CN=Certificate Authority,O=NBG.WEBTREKK.COM >> expires: 2035-08-10 13:36:23 UTC >> key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign >> pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad >> post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert >> "caSigningCert cert-pki-ca" >> track: yes >> auto-renew: yes >> ... >> >> We follow instruction to renew certificates found on this mailing list: >> * set system time before expired >> * set dogtag to use simple binds instead of TLS to connect to LDAP >> * ipactl start --ignore-service-failures >> * systemctl restart pki-tomcatd@pki-tomcat >> * systemctl restart certmonger >> * resubmit one of expired certificate: ipa-getcert resubmit -i >> 20170202144747 >> >> Jul 29 13:27:05 ipa-prod-01.<domain> >> dogtag-ipa-ca-renew-agent-submit[10651]: Forwarding request to >> dogtag-ipa-renew-agent >> Jul 29 13:27:05 ipa-prod-01.<domain> >> dogtag-ipa-renew-agent-submit[10661]: GET http://ipa-prod-01.<domain>:8080/ >> ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=7&renewal=true&xml=true >> >> >> Jul 29 13:27:05 ipa-prod-01.<domain> >> dogtag-ipa-renew-agent-submit[10661]: <html><head><title>Apache >> Tomcat/7.0.69 - >> or report</title><style><!--H1 >> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} >> H2 {fo >> nt-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} >> H3 {font-family:Tahoma,Arial,sans-serif; >> color:white;background-color:#525D76;font-size:14px;} BODY >> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:whi >> te;} B >> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} >> P {font-family:Tahoma,Arial,sans-serif;backgr│ >> ound:white;color:black;font-size:12px;}A {color : black;}A.name {color : >> black;}HR {color : #525D76;}--></style> </head><body><h >> 1>HTTP Status 404 - /ca/ee/ca/profileSubmit</h1><HR size="1" >> noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> >> <u>/ca/ee/ca/profileSubmit</u></p><p><b>description</b> <u>The >> requested resource is not available.</u></p><HR size="1" noshade >> ="noshade"><h3>Apache >> Tomcat/7.0.69</h3></body></html> >> >> >> Jul 29 13:27:05 ipa-prod-01.<domain> >> dogtag-ipa-ca-renew-agent-submit[10651]: dogtag-ipa-renew-agent returned 2 >> >> >> In certmonger logs, we can see that the request is forwarded to >> dogtag-ipa-renew-agent, but agent returned with return code 2, which >> seemed to be "request rejected". So at this point I have no glue to >> solve this problem. Any help is desired. >> >>> ipa >> --version >> >> >> VERSION: 4.4.0, API_VERSION: 2.213 >> >> Many thanks >> >> Michael >> -- > Hi Michael, > > Could you please provide the log file > /var/log/pki/pki-tomcat/ca/debug from the time you wound back the > system time, to after the renewal failures? > > Thanks, > Fraser -- ________________________________________________ *Michael**Gusek*| System Administrator| Webtrekk GmbH | *t*+49 30 755 415 302| *f *+49 30 755 415 100 | *w *www.webtrekk.com <https://www.webtrekk.com/?wt_mc=signature.-.-.-.homepageURL> Amtsgericht/Local Court Berlin, HRB 93435 B | Geschäftsführer/CEO Christian Sauer
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org