Hi ,
I opened two windows, one to run ipa cert-show1, one to observe the debug log
[root@wocfreeipa ~]# ipa cert-show 1
ipa: ERROR: Failed to authenticate to CA REST API
[root@wocfreeipa ~]# ipa cert-show 1
ipa: ERROR: Failed to authenticate to CA REST API
[root@wocfreeipa ~]# ipa cert-show 1
ipa: ERROR: Failed to authenticate to CA REST API
So it isn't hitting the CA at all. Check /var/log/httpd/error_log for
any details.
rob
[root@wocfreeipa ~]# tail -f /var/log/pki/pki-tomcat/ca/debug.2022-12-13.log
2022-12-13 11:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
(certStatus=INVALID)
2022-12-13 11:13:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating valid
certs to expired
2022-12-13 11:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 11:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
(certStatus=VALID)
2022-12-13 11:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: dn:
cn=2,ou=certificateRepository,ou=ca,o=ipaca
2022-12-13 11:13:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating revoked
certs to expired
2022-12-13 11:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 11:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
(certStatus=REVOKED)
2022-12-13 11:18:30 [CRLIssuingPoint-MasterCRL] INFO: LDAPSession: Modifying LDAP entry
cn=MasterCRL,ou=crlIssuingPoints,o=ipaca
2022-12-13 11:18:31 [Timer-0] INFO: SessionTimer: checking security domain sessions
2022-12-13 11:22:35 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-8] INFO: Getting certificate 0x1
2022-12-13 11:22:35 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-8] INFO: LDAPSession: reading
cn=1,ou=certificateRepository, ou=caca
2022-12-13 11:23:06 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-9] INFO: Getting certificate 0x1
2022-12-13 11:23:06 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-9] INFO: LDAPSession: reading
cn=1,ou=certificateRepository, ou=caca
2022-12-13 11:23:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Updating
serial number counter
2022-12-13 11:23:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Checking
serial number ranges
2022-12-13 11:23:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Checking
request ID ranges
2022-12-13 11:23:31 [Timer-0] INFO: SessionTimer: checking security domain sessions
2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating cert
status
2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating invalid
certs to valid
2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
(certStatus=INVALID)
2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating valid
certs to expired
2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
(certStatus=VALID)
2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: dn:
cn=2,ou=certificateRepository,ou=ca,o=ipaca
2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating revoked
certs to expired
2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 11:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
(certStatus=REVOKED)
2022-12-13 11:28:14 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: Getting certificate 0x1
2022-12-13 11:28:14 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: LDAPSession: reading
cn=1,ou=certificateRepository, ou=ca,o=ipaca
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue