Tania Hagan via FreeIPA-users wrote:
Hi,
I tried looking at the pki debug log again and the main warning that stood out was that /var/lib/ipa/pki-ca/publish did not exist. I recreated the folder with chown root:pkiuser, chmod 775, and restarted the service, and the error disappeared in the log, but the service still not start. Is this important and should it contain the MasterCRL.bin that appears to now be missing from my configuration?
I don't believe this will prevent the CA from running and a CRL present is definitely not required.
You might also look at the selftest log and the catalina log, maybe those hold something useful.
rob