Hey everyone,

A couple of days ago I started getting the following message:

    [jebalicki@slpidml01 ~]$ ipa cert-show 1
    ipa: INFO: trying https://slpidml01.unix.xxx.com/ipa/xml
    ipa: INFO: Forwarding 'cert_show' to server u'https://slpidml01.unix.xxx.com/ipa/xml'
    ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)

I get a similar error in the GUI when looking at hosts.

slpidml01 is my "master" -- the one I initially built. The other replicas also replicated the CA.

After some digging (and prompting from Red Hat support) I've found the following:

    [root@slpidml01 ~]# ldapsearch -ZZ -H ldap://slpidml01.unix.xxx.com -D "cn=Directory Manager" -W -b "dc=unix,dc=xxx,dc=com" -x
    ldap_start_tls: Connect error (-11)
        additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.

But, interestingly, from another replica:

    [jebalicki@slpidml02 ~]$ ldapsearch -ZZ -H ldap://slpidml01.unix.xxx.com -D "cn=Directory Manager" -W -b "dc=unix,dc=xxx,dc=com" -x
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    # base <dc=unix,dc=xxx,dc=com> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    ...

So, obviously some certificate got hosed up somewhere. I've been digging but I haven't found it yet.

Anyone have any ideas? I have a ticket open with RH support, but I think I somehow got put with someone with a completely different sleep schedule -- I get replies at 3 in the morning. So, I'm asking here because I'm impatient. :)

Thanks,
--Jason
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users