Fraser Tweedale wrote:
On Mon, Aug 22, 2016 at 11:52:46PM +0000, Z D wrote:
Hello,

There is an error on ver 4.2 while viewing certs: "IPA Error
4301: CertificateOperationError", next it reads "Certificate
operation cannot be completed: Unable to communicate with CMS
([Errno 113] No route to host)".

I suspect you'll be asking for the two commands below; here are the results.

# ipa cert-show 1
   Certificate: MIIDlzCCAn+gAwIBAgIBATANBgkqhkiG9w0BAQsFADA4MRYwFAYDVQQKDA1VUy5P
..shortened ...
H6S7tS4pT9w77K8=
   Subject: CN=Certificate Authority,O=COMP.COM
   Issuer: CN=Certificate Authority,O=COMP.COM
   Not Before: Wed Aug 17 17:20:41 2016 UTC
   Not After: Sun Aug 17 17:20:41 2036 UTC
   Fingerprint (MD5): 00:a5:2c:2d:ea:c8:27:33:62:35:75:53:12:6a:0d:c1
   Fingerprint (SHA1): d1:58:78:83:31:b8:ad:ae:af:2c:e7:05:44:67:6e:3a:37:8c:00:1a
   Serial number (hex): 0x1
   Serial number: 1

# ipactl restart
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting ipa_memcached Service
Restarting httpd Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful

Any help is appreciated, thanks
Zarko


"while viewing certs" -> do you mean in the IPA Web UI?

The successful `cert-show' command indicates that the CA is up and
running, but the error message indicates that the host running the
failing action cannot contact the CA.  You should check DNS and
firewall settings as a first step.

If a request for a certificate operation comes into an IPA master that isn't running a CA the request is sent to one that does. It sure seems like that is happening in this case and the chosen CA isn't available.

rob
