Sina Owolabi wrote:
Yes CA is running, and it's on the same machine.
[root@dc ~]# ipa-replica-prepare dc01.ourdom.com
<http://dc01.ourdom.com> --ip-address 192.168.2.40
Directory Manager (existing master) password:
Preparing replica for dc01.ourdom.com <http://dc01.ourdom.com> from
dc.ourdom.com <http://dc.ourdom.com>
Creating SSL certificate for the Directory Server
Certificate operation cannot be completed: Unable to communicate with
CMS (Not Found)
[root@dc ~]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
DNS Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
[root@dc ~]#
This suggests that while the process is running the CA isn't actually
operational. You'll need to poke through the logs in /var/log/pki* to
see if there are any errors.
I'd also see if the certificates are expired by running `getcert list`
as root.
rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project