Please keep freeipa-users in CC, there si no sensitive information in
getcert list output (you sanitized it)
Folowing certificates are expired, please try to to resubmit them. I'm
also worried about this error message: ca-error: Error setting up ccache
for local "host" service using default keytab: Cannot contact any KDC
for realm '<MYREALM>'.
is KDC running?
Request ID '20140528063919':
status: MONITORING
ca-error: Error setting up ccache for local "host" service
using default keytab: Cannot contact any KDC for realm '<MYREALM>'.
stuck: no
key pair storage:
type=NSSDB,location='/etc/dirsrv/slapd-<MYREALM>',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/dirsrv/slapd-<MYREALM>/pwdfile.txt'
certificate:
type=NSSDB,location='/etc/dirsrv/slapd-<MYREALM>',nickname='Server-Cert',token='NSS
Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=<MYREALM>
subject: CN=<IPA SERVER HOST>,O=<MYREALM>
expires: 2016-05-28 06:39:18 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv
<MYREALM>
track: yes
auto-renew: yes
Request ID '20140528063953':
status: MONITORING
ca-error: Error setting up ccache for local "host" service
using default keytab: Cannot contact any KDC for realm '<MYREALM>'.
stuck: no
key pair storage:
type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA/pwdfile.txt'
certificate:
type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS
Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=<MYREALM>
subject: CN=<IPA SERVER HOST>,O=<MYREALM>
expires: 2016-05-28 06:39:52 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv
PKI-IPA
track: yes
auto-renew: yes
Request ID '20140528064145':
status: MONITORING
ca-error: Error setting up ccache for local "host" service
using default keytab: Cannot contact any KDC for realm '<MYREALM>'.
stuck: no
key pair storage:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=<MYREALM>
subject: CN=<IPA SERVER HOST>,O=<MYREALM>
expires: 2016-05-28 06:41:44 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/lib64/ipa/certmonger/restart_httpd
track: yes
auto-renew: yes
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project