For Petr 2

1. [root@zsipa ~]# date
2. Mon Apr 4 12:24:10 UTC 2016
3. [root@zsipa ~]# ipactl start --force
4. Starting Directory Service
5. Starting krb5kdc Service
6. Starting kadmin Service
7. Starting named Service
8. Starting ipa_memcached Service
9. Starting httpd Service
10. Starting pki-tomcatd Service
11. Failed to start pki-tomcatd Service
12. Forced start, ignoring pki-tomcatd Service, continuing normal operation
13. Starting ipa-otpd Service
14. ipa: INFO: The ipactl command was successful
15. [root@zsipa ~]# date
16. Mon Apr 4 12:29:26 UTC 2016
17. [root@zsipa ~]# wget -v -d -S -O - --timeout=30 --no-check-certificate https://zsipa.private.net:443/ca/admin/ca/getStatus
18. Setting --server-response (serverresponse) to 1
19. Setting --output-document (outputdocument) to -
20. Setting --timeout (timeout) to 30
21. Setting --check-certificate (checkcertificate) to 0
22. DEBUG output created by Wget 1.16.3 on linux-gnu.
23.  
24. URI encoding = ‘UTF-8’
25. --2016-04-04 12:29:26-- https://zsipa.private.net/ca/admin/ca/getStatus
26. Resolving zsipa.private.net (zsipa.private.net)... 192.168.208.53
27. Caching zsipa.private.net => 192.168.208.53
28. Connecting to zsipa.private.net (zsipa.private.net)|192.168.208.53|:443... connected.
29. Created socket 3.
30. Releasing 0x00000000017e9af0 (new refcount 1).
31. Initiating SSL handshake.
32. SSL handshake timed out.
33. Closed fd 3
34. Unable to establish SSL connection.
35. [root@zsipa ~]# getcert list
36. Number of certificates and requests being tracked: 10.
37. Request ID '20140428181940':
38. status: MONITORING
39. stuck: no
40. key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-PRIVATE-NET',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-PRIVATE-NET/pwdfile.txt'
41. certificate: type=NSSDB,location='/etc/dirsrv/slapd-PRIVATE-NET',nickname='Server-Cert',token='NSS Certificate DB'
42. CA: IPA
43. issuer: CN=Certificate Authority,O=PRIVATE.NET
44. subject: CN=zsipa.private.net,O=PRIVATE.NET
45. expires: 2018-04-02 13:04:51 UTC
46. principal name: ldap/zsipa.private.net@PRIVATE.NET
47. key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
48. eku: id-kp-serverAuth,id-kp-clientAuth
49. pre-save command:
50. post-save command:
51. track: yes
52. auto-renew: yes
53. Request ID '20140428182016':
54. status: MONITORING
55. stuck: no
56. key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
57. certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
58. CA: IPA
59. issuer: CN=Certificate Authority,O=PRIVATE.NET
60. subject: CN=zsipa.private.net,O=PRIVATE.NET
61. expires: 2018-04-02 13:04:31 UTC
62. principal name: HTTP/zsipa.private.net@PRIVATE.NET
63. key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
64. eku: id-kp-serverAuth,id-kp-clientAuth
65. pre-save command:
66. post-save command:
67. track: yes
68. auto-renew: yes
69. Request ID '20150211141945':
70. status: CA_REJECTED
71. ca-error: Server at https://zsipa.private.net/ipa/xml denied our request, giving up: 2100 (RPC failed at server. Insufficient access: hostname in subject of request 'zw198.private.net' does not match principal hostname 'private.net').
72. stuck: yes
73. key pair storage: type=NSSDB,location='/etc/pki/nssdb',nickname='Server-Cert',token='NSS Certificate DB'
74. certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='Server-Cert'
75. CA: IPA
76. issuer:
77. subject:
78. expires: unknown
79. pre-save command:
80. post-save command:
81. track: yes
82. auto-renew: yes
83. Request ID '20150816194107':
84. status: NEED_TO_SUBMIT
85. ca-error: Internal error
86. stuck: no
87. key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='424151811070'
88. certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'
89. CA: dogtag-ipa-ca-renew-agent
90. issuer: CN=Certificate Authority,O=PRIVATE.NET
91. subject: CN=CA Audit,O=PRIVATE.NET
92. expires: 2016-04-17 18:19:19 UTC
93. key usage: digitalSignature,nonRepudiation
94. pre-save command:
95. post-save command:
96. track: yes
97. auto-renew: yes
98. Request ID '20150816194108':
99. status: CA_UNREACHABLE
100. ca-error: Internal error
101. stuck: no
102. key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin='424151811070'
103. certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'
104. CA: dogtag-ipa-ca-renew-agent
105. issuer: CN=Certificate Authority,O=PRIVATE.NET
106. subject: CN=OCSP Subsystem,O=PRIVATE.NET
107. expires: 2016-04-17 18:19:18 UTC
108. key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
109. eku: id-kp-OCSPSigning
110. pre-save command:
111. post-save command:
112. track: yes
113. auto-renew: yes
114. Request ID '20150816194109':
115. status: NEED_TO_SUBMIT
116. ca-error: Internal error
117. stuck: no
118. key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin='424151811070'
119. certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB'
120. CA: dogtag-ipa-ca-renew-agent
121. issuer: CN=Certificate Authority,O=PRIVATE.NET
122. subject: CN=CA Subsystem,O=PRIVATE.NET
123. expires: 2016-04-17 18:19:19 UTC
124. key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
125. eku: id-kp-serverAuth,id-kp-clientAuth
126. pre-save command:
127. post-save command:
128. track: yes
129. auto-renew: yes
130. Request ID '20150816194110':
131. status: MONITORING
132. stuck: no
133. key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB',pin='424151811070'
134. certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB'
135. CA: dogtag-ipa-ca-renew-agent
136. issuer: CN=Certificate Authority,O=PRIVATE.NET
137. subject: CN=Certificate Authority,O=PRIVATE.NET
138. expires: 2036-04-01 20:16:39 UTC
139. key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
140. pre-save command:
141. post-save command:
142. track: yes
143. auto-renew: yes
144. Request ID '20150816194111':
145. status: NEED_TO_SUBMIT
146. ca-error: Internal error
147. stuck: no
148. key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
149. certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
150. CA: dogtag-ipa-ca-renew-agent
151. issuer: CN=Certificate Authority,O=PRIVATE.NET
152. subject: CN=IPA RA,O=PRIVATE.NET
153. expires: 2016-04-17 18:19:35 UTC
154. key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
155. eku: id-kp-serverAuth,id-kp-clientAuth
156. pre-save command:
157. post-save command:
158. track: yes
159. auto-renew: yes
160. Request ID '20150816194112':
161. status: MONITORING
162. stuck: no
163. key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin='424151811070'
164. certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'
165. CA: dogtag-ipa-renew-agent
166. issuer: CN=Certificate Authority,O=PRIVATE.NET
167. subject: CN=zsipa.private.net,O=PRIVATE.NET
168. expires: 2018-03-11 13:04:29 UTC
169. key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
170. eku: id-kp-serverAuth,id-kp-clientAuth
171. pre-save command:
172. post-save command:
173. track: yes
174. auto-renew: yes
175. Request ID '20151214165433':
176. status: CA_REJECTED
177. ca-error: Server at https://zsipa.private.net/ipa/xml denied our request, giving up: 2100 (RPC failed at server. Insufficient access: hostname in subject of request 'zsipa.private.net' does not match principal hostname 'www.private.net').
178. stuck: yes
179. key pair storage: type=FILE,location='/etc/pki/tls/private/www.private.net.key'
180. certificate: type=FILE,location='/etc/pki/tls/certs/www.private.net.crt'
181. CA: IPA
182. issuer:
183. subject:
184. expires: unknown
185. pre-save command:
186. post-save command:
187. track: yes
188. auto-renew: yes
189. [root@zsipa ~]#