Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [root@zsipa ~]# date
- Mon Apr 4 12:24:10 UTC 2016
- [root@zsipa ~]# ipactl start --force
- Starting Directory Service
- Starting krb5kdc Service
- Starting kadmin Service
- Starting named Service
- Starting ipa_memcached Service
- Starting httpd Service
- Starting pki-tomcatd Service
- Failed to start pki-tomcatd Service
- Forced start, ignoring pki-tomcatd Service, continuing normal operation
- Starting ipa-otpd Service
- ipa: INFO: The ipactl command was successful
- [root@zsipa ~]# date
- Mon Apr 4 12:29:26 UTC 2016
- [root@zsipa ~]# wget -v -d -S -O - --timeout=30 --no-check-certificate https://zsipa.private.net:443/ca/admin/ca/getStatus
- Setting --server-response (serverresponse) to 1
- Setting --output-document (outputdocument) to -
- Setting --timeout (timeout) to 30
- Setting --check-certificate (checkcertificate) to 0
- DEBUG output created by Wget 1.16.3 on linux-gnu.
- URI encoding = ‘UTF-8’
- --2016-04-04 12:29:26-- https://zsipa.private.net/ca/admin/ca/getStatus
- Resolving zsipa.private.net (zsipa.private.net)... 192.168.208.53
- Caching zsipa.private.net => 192.168.208.53
- Connecting to zsipa.private.net (zsipa.private.net)|192.168.208.53|:443... connected.
- Created socket 3.
- Releasing 0x00000000017e9af0 (new refcount 1).
- Initiating SSL handshake.
- SSL handshake timed out.
- Closed fd 3
- Unable to establish SSL connection.
- [root@zsipa ~]# getcert list
- Number of certificates and requests being tracked: 10.
- Request ID '20140428181940':
- status: MONITORING
- stuck: no
- key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-PRIVATE-NET',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-PRIVATE-NET/pwdfile.txt'
- certificate: type=NSSDB,location='/etc/dirsrv/slapd-PRIVATE-NET',nickname='Server-Cert',token='NSS Certificate DB'
- CA: IPA
- issuer: CN=Certificate Authority,O=PRIVATE.NET
- subject: CN=zsipa.private.net,O=PRIVATE.NET
- expires: 2018-04-02 13:04:51 UTC
- principal name: ldap/zsipa.private.net@PRIVATE.NET
- key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
- eku: id-kp-serverAuth,id-kp-clientAuth
- pre-save command:
- post-save command:
- track: yes
- auto-renew: yes
- Request ID '20140428182016':
- status: MONITORING
- stuck: no
- key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
- certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
- CA: IPA
- issuer: CN=Certificate Authority,O=PRIVATE.NET
- subject: CN=zsipa.private.net,O=PRIVATE.NET
- expires: 2018-04-02 13:04:31 UTC
- principal name: HTTP/zsipa.private.net@PRIVATE.NET
- key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
- eku: id-kp-serverAuth,id-kp-clientAuth
- pre-save command:
- post-save command:
- track: yes
- auto-renew: yes
- Request ID '20150211141945':
- status: CA_REJECTED
- ca-error: Server at https://zsipa.private.net/ipa/xml denied our request, giving up: 2100 (RPC failed at server. Insufficient access: hostname in subject of request 'zw198.private.net' does not match principal hostname 'private.net').
- stuck: yes
- key pair storage: type=NSSDB,location='/etc/pki/nssdb',nickname='Server-Cert',token='NSS Certificate DB'
- certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='Server-Cert'
- CA: IPA
- issuer:
- subject:
- expires: unknown
- pre-save command:
- post-save command:
- track: yes
- auto-renew: yes
- Request ID '20150816194107':
- status: NEED_TO_SUBMIT
- ca-error: Internal error
- stuck: no
- key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='424151811070'
- certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'
- CA: dogtag-ipa-ca-renew-agent
- issuer: CN=Certificate Authority,O=PRIVATE.NET
- subject: CN=CA Audit,O=PRIVATE.NET
- expires: 2016-04-17 18:19:19 UTC
- key usage: digitalSignature,nonRepudiation
- pre-save command:
- post-save command:
- track: yes
- auto-renew: yes
- Request ID '20150816194108':
- status: CA_UNREACHABLE
- ca-error: Internal error
- stuck: no
- key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin='424151811070'
- certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'
- CA: dogtag-ipa-ca-renew-agent
- issuer: CN=Certificate Authority,O=PRIVATE.NET
- subject: CN=OCSP Subsystem,O=PRIVATE.NET
- expires: 2016-04-17 18:19:18 UTC
- key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
- eku: id-kp-OCSPSigning
- pre-save command:
- post-save command:
- track: yes
- auto-renew: yes
- Request ID '20150816194109':
- status: NEED_TO_SUBMIT
- ca-error: Internal error
- stuck: no
- key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin='424151811070'
- certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB'
- CA: dogtag-ipa-ca-renew-agent
- issuer: CN=Certificate Authority,O=PRIVATE.NET
- subject: CN=CA Subsystem,O=PRIVATE.NET
- expires: 2016-04-17 18:19:19 UTC
- key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
- eku: id-kp-serverAuth,id-kp-clientAuth
- pre-save command:
- post-save command:
- track: yes
- auto-renew: yes
- Request ID '20150816194110':
- status: MONITORING
- stuck: no
- key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB',pin='424151811070'
- certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB'
- CA: dogtag-ipa-ca-renew-agent
- issuer: CN=Certificate Authority,O=PRIVATE.NET
- subject: CN=Certificate Authority,O=PRIVATE.NET
- expires: 2036-04-01 20:16:39 UTC
- key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
- pre-save command:
- post-save command:
- track: yes
- auto-renew: yes
- Request ID '20150816194111':
- status: NEED_TO_SUBMIT
- ca-error: Internal error
- stuck: no
- key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
- certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
- CA: dogtag-ipa-ca-renew-agent
- issuer: CN=Certificate Authority,O=PRIVATE.NET
- subject: CN=IPA RA,O=PRIVATE.NET
- expires: 2016-04-17 18:19:35 UTC
- key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
- eku: id-kp-serverAuth,id-kp-clientAuth
- pre-save command:
- post-save command:
- track: yes
- auto-renew: yes
- Request ID '20150816194112':
- status: MONITORING
- stuck: no
- key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin='424151811070'
- certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'
- CA: dogtag-ipa-renew-agent
- issuer: CN=Certificate Authority,O=PRIVATE.NET
- subject: CN=zsipa.private.net,O=PRIVATE.NET
- expires: 2018-03-11 13:04:29 UTC
- key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
- eku: id-kp-serverAuth,id-kp-clientAuth
- pre-save command:
- post-save command:
- track: yes
- auto-renew: yes
- Request ID '20151214165433':
- status: CA_REJECTED
- ca-error: Server at https://zsipa.private.net/ipa/xml denied our request, giving up: 2100 (RPC failed at server. Insufficient access: hostname in subject of request 'zsipa.private.net' does not match principal hostname 'www.private.net').
- stuck: yes
- key pair storage: type=FILE,location='/etc/pki/tls/private/www.private.net.key'
- certificate: type=FILE,location='/etc/pki/tls/certs/www.private.net.crt'
- CA: IPA
- issuer:
- subject:
- expires: unknown
- pre-save command:
- post-save command:
- track: yes
- auto-renew: yes
- [root@zsipa ~]#
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement