lol lol via FreeIPA-users wrote:
Hello, I have recently made a post about a problem I had accessing certificates via web interface. https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
With Florence we have identified that the problem is related to tomcat.
However before I was able to view my certificates that were in MONITORING mode with pki ca-cert-show command. Now now it hangs forever and errors out saying that the serial number is missing. Is there a fix to this?
pki -v ca-cert-show INFO: PKI options: -v INFO: PKI command: ca-cert-show ca-cert-show INFO: Java command: /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -cp /usr/share/pki/lib/* -Dcom.redhat.fips=false -Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties com.netscape.cmstools.cli.MainCLI -v ca-cert-show INFOS: Server URL: https://ipa.domain.priv:8443 INFOS: NSS database: /root/.dogtag/nssdb INFOS: Message format: null INFOS: Command: ca-cert-show INFOS: Module: ca INFOS: Initializing NSS INFOS: Using internal token INFOS: Module: cert INFOS: Module: show java.lang.Exception: Missing Serial Number. at com.netscape.cmstools.ca.CACertShowCLI.execute(CACertShowCLI.java:68) at org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:58) at org.dogtagpki.cli.CLI.execute(CLI.java:357) at org.dogtagpki.cli.CLI.execute(CLI.java:357) at com.netscape.cmstools.cli.SubsystemCLI.execute(SubsystemCLI.java:79) at org.dogtagpki.cli.CLI.execute(CLI.java:357) at com.netscape.cmstools.cli.MainCLI.execute(MainCLI.java:665) at com.netscape.cmstools.cli.MainCLI.main(MainCLI.java:701) ERROR: Command: /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -cp /usr/share/pki/lib/* -Dcom.redhat.fips=false -Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties com.netscape.cmstools.cli.MainCLI -v ca-cert-show
The serial number has always been required for cert-show. It's possible you used `pki ca-cert find` previously which does not require any options.
rob