Re: [Freeipa-users] Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)

Rob Crittenden Mon, 18 May 2015 07:09:59 -0700

Sina Owolabi wrote:

Yes CA is running,  and it's on the same machine.


[root@dc ~]# ipa-replica-prepare dc01.ourdom.com
<http://dc01.ourdom.com> --ip-address 192.168.2.40

Directory Manager (existing master) password:


Preparing replica for dc01.ourdom.com <http://dc01.ourdom.com> from
dc.ourdom.com <http://dc.ourdom.com>

Creating SSL certificate for the Directory Server

Certificate operation cannot be completed: Unable to communicate with
CMS (Not Found)

[root@dc ~]# ipactl status

Directory Service: RUNNING

KDC Service: RUNNING

KPASSWD Service: RUNNING

DNS Service: RUNNING

MEMCACHE Service: RUNNING

HTTP Service: RUNNING

CA Service: RUNNING

[root@dc ~]#

This suggests that while the process is running the CA isn't actuallyoperational. You'll need to poke through the logs in /var/log/pki* tosee if there are any errors.

I'd also see if the certificates are expired by running `getcert list`as root.


rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)

Reply via email to