[Freeipa-users] Re: orphan certificate key Issue

2019-01-15 Thread Rob Crittenden via FreeIPA-users
Uzor Ide wrote: > All the files you named are present plus the password file (pwdfile.txt). > - pkcs11.txt > - pwdfile.txt > - key3.db > - key4.db > - cert8.db > - cert9.db > - secmod.db I'm not sure if you said which distribution you're using so let's be precise about the contents. You'll want t

[Freeipa-users] Re: orphan certificate key Issue

2019-01-15 Thread Uzor Ide via FreeIPA-users
All the files you named are present plus the password file (pwdfile.txt). - pkcs11.txt - pwdfile.txt - key3.db - key4.db - cert8.db - cert9.db - secmod.db On Tue, Jan 15, 2019 at 3:12 PM Rob Crittenden wrote: > Uzor Ide via FreeIPA-users wrote: > > Am certainly not sure that the orphan key is th

[Freeipa-users] Re: orphan certificate key Issue

2019-01-15 Thread Rob Crittenden via FreeIPA-users
Uzor Ide via FreeIPA-users wrote: > Am certainly not sure that the orphan key is the root cause. It just > looked out of place and the log had the following error > Jan 13 17:44:02 ipasvr01.domain.com > pki-server[4808]: ERROR: */var/lib/pki/pki-tomcat/alias contains an

[Freeipa-users] Re: orphan certificate key Issue

2019-01-15 Thread Uzor Ide via FreeIPA-users
Am certainly not sure that the orphan key is the root cause. It just looked out of place and the log had the following error Jan 13 17:44:02 ipasvr01.domain.com pki-server[4808]: ERROR: */var/lib/pki/pki-tomcat/alias contains an incomplete NSS database* in SQL format However, I compared the certifi

[Freeipa-users] Re: orphan certificate key Issue

2019-01-15 Thread Uzor Ide via FreeIPA-users
log contained the following Jan 13 17:44:02 ipasvr01.domain.com pki-server[4808]: ERROR: */var/lib/pki/pki-tomcat/alias contains an incomplete NSS database* in SQL format That's what made me go to the NSS database and so the orphan key. ipa server version is 4.4.4 and upgraded to 4.7.2 On Mon, J

[Freeipa-users] Re: orphan certificate key Issue

2019-01-14 Thread Florence Blanc-Renaud via FreeIPA-users
On 1/14/19 5:30 PM, Uzor Ide via FreeIPA-users wrote: Hello All, I upgraded our ipa server and after the upgrade ipa won't start again. further investigation shows that components of ipa starts but pki-tomcatd@pki-tomcat.service appears to be where the issue lies. checking the logs suggested

[Freeipa-users] Re: orphan certificate key Issue

2019-01-14 Thread Rob Crittenden via FreeIPA-users
Uzor Ide via FreeIPA-users wrote: > Hello All, > > I upgraded our ipa server and after the upgrade ipa won't start again. > further investigation shows that components of ipa starts > but pki-tomcatd@pki-tomcat.service appears to be where the issue lies. > checking the logs suggested that issue li