Klaus Vink Slott via FreeIPA-users wrote:
> Have had a small FreeIPA setup running for some time, but today I was unable
> to login at the web-gui on the master. It was possible to login at the
> replica but if I try to delete a host I get:
>
> cannot connect to
> 'https://ipa.int.vink-slott.dk:443/ca/rest/certs/search?size=2147483647':
> [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)
>
> Indeed if I run a getcert list -c IPA on the master, one certificate is
> expired.
> Request ID '20190302094604':
>     status: NEWLY_ADDED_NEED_KEYINFO_READ_PIN
>     stuck: yes
>     key pair storage: type=FILE,location='/var/lib/ipa/private/httpd.key'
>     certificate: type=FILE,location='/var/lib/ipa/certs/httpd.crt'
>     CA: IPA
>     issuer: CN=Certificate Authority,O=INT.VINK-SLOTT.DK
>     subject: CN=ipa.int.vink-slott.dk,O=INT.VINK-SLOTT.DK
>     expires: 2019-04-22 15:33:08 CEST
>     dns: ipa.int.vink-slott.dk
>     key usage:
> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>     eku: id-kp-serverAuth,id-kp-clientAuth
>     pre-save command:
>     post-save command: /usr/libexec/ipa/certmonger/restart_httpd
>     track: yes
>     auto-renew: yes
>
> All other certificates are valid and status: MONITORING
>
> I tried different measures based on Google searches and old entries on this
> list. But all I have accomplished is to change the state to:
> Request ID '20190302094604':
>     status: NEED_KEYINFO_READ_PIN
>     stuck: yes
>     key pair storage:
> type=FILE,location='/var/lib/ipa/private/httpd.key',pin set
>
> At this state I am not sure that I added the correct pin. - And why this is
> suddenly a problem.

It depends very much on what version of IPA you are running, perhaps the distro, and what you did to get the tracking into this state.

rob
