Re: [Freeipa-users] SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert Server-Cert of family

Wed, 14 Sep 2016 09:39:53 -0700
Please keep freeipa-users in CC, there si no sensitive information in getcert list output (you sanitized it) 



Folowing certificates are expired, please try to to resubmit them. I'm 
also worried about this error message: ca-error: Error setting up ccache 
for local "host" service using default keytab: Cannot contact any KDC 
for realm '<MYREALM>'.


is KDC running?



Request ID '20140528063919':
        status: MONITORING

        ca-error: Error setting up ccache for local "host" service 
using default keytab: Cannot contact any KDC for realm '<MYREALM>'.

        stuck: no

        key pair storage: 
type=NSSDB,location='/etc/dirsrv/slapd-<MYREALM>',nickname='Server-Cert',token='NSS 
Certificate DB',pinfile='/etc/dirsrv/slapd-<MYREALM>/pwdfile.txt'
        certificate: 
type=NSSDB,location='/etc/dirsrv/slapd-<MYREALM>',nickname='Server-Cert',token='NSS 
Certificate DB'

        CA: IPA
        issuer: CN=Certificate Authority,O=<MYREALM>
        subject: CN=<IPA SERVER HOST>,O=<MYREALM>
        expires: 2016-05-28 06:39:18 UTC
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:

        post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv 
<MYREALM>

        track: yes
        auto-renew: yes
Request ID '20140528063953':
        status: MONITORING

        ca-error: Error setting up ccache for local "host" service 
using default keytab: Cannot contact any KDC for realm '<MYREALM>'.

        stuck: no

        key pair storage: 
type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS 
Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA/pwdfile.txt'
        certificate: 
type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS 
Certificate DB'

        CA: IPA
        issuer: CN=Certificate Authority,O=<MYREALM>
        subject: CN=<IPA SERVER HOST>,O=<MYREALM>
        expires: 2016-05-28 06:39:52 UTC
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:

        post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv 
PKI-IPA

        track: yes
        auto-renew: yes
Request ID '20140528064145':
        status: MONITORING

        ca-error: Error setting up ccache for local "host" service 
using default keytab: Cannot contact any KDC for realm '<MYREALM>'.

        stuck: no

        key pair storage: 
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS 
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
        certificate: 
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS 
Certificate DB'

        CA: IPA
        issuer: CN=Certificate Authority,O=<MYREALM>
        subject: CN=<IPA SERVER HOST>,O=<MYREALM>
        expires: 2016-05-28 06:41:44 UTC
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command: /usr/lib64/ipa/certmonger/restart_httpd
        track: yes
        auto-renew: yes


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project






















					Reply via email to