I think I know what the issue is. I had 2 IPA servers, both with CA’s
I dropped one and rebuilt without the CA but a bunch of clients are still pointing at this one server that now is without a CA. Will rebuild that one with a CA and almost sure that will fix. <http://www.placeiq.com/> <http://www.placeiq.com/> <http://www.placeiq.com/> Jim Richard <https://twitter.com/placeiq> <https://twitter.com/placeiq> <https://twitter.com/placeiq> <https://www.facebook.com/PlaceIQ> <https://www.facebook.com/PlaceIQ> <https://www.linkedin.com/company/placeiq> <https://www.linkedin.com/company/placeiq> SYSTEM ADMINISTRATOR III (646) 338-8905 <http://placeiq.com/2016/10/26/the-making-of-a-location-data-industry-milestone/> > On Nov 28, 2016, at 2:39 PM, Rob Crittenden <rcrit...@redhat.com> wrote: > > Jim Richard wrote: >> Honestly Im not even sure if something is not working correctly :) >> >> All I know is that my httpd, access and krb5 logs are filling up all my >> disk space extremely quickly and I have no idea why. >> >> Centos 6.8 + IPA 3.0 >> >> One master and one replica. >> >> Are these things related? >> >> How do I fix, where do I even start? >> >> Thanks ! >> >> On the replica the httpd log is constantly getting spammed with: >> >> [Thu Nov 24 05:55:18 2016] [error] ipa: INFO: >> host/phoenix-153.nym1.placeiq....@placeiq.net: >> cert_request(uactual cert removed > .. , add=True): ACIError >> >> and on the master the access log is filling up quickly with: >> >> 10.1.41.110 - - [24/Nov/2016:06:09:54 +0000] "POST >> /ca/agent/ca/displayBySerial HTTP/1.1" 200 10106 > > Looks like certmonger trying to renew the per-client SSL certificate. > You can confirm by pulling out the CSR and poking at it with openssl req. > > On the client you can try running: ipa-getcert list > > This may show more details on why the request was rejected. > > rob
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project