2018-02-14 4:55 GMT+08:00 Rob Crittenden <rcritten(a)redhat.com>:
Umarzuki Mochlis wrote:
> 2018-02-13 22:59 GMT+08:00 Rob Crittenden <rcritten(a)redhat.com>:
>> Umarzuki Mochlis via FreeIPA-users wrote:
>>> it stuck with "status: SUBMITTING" when I issue command
"ipa-getcert
>>> list" after I resubmit cert renew "get-cert resubmit -i ID"
>>
>> Which request is stuck? Can you provide the output of ipa-getcert list
>> -i ID?
>>
>> rob
>
> these request still 'submitting' since service started. I resubmit
> them one or two years ago.
The certs are certainly very expired at this point. Do these exist in
reality anymore?
# certutil -L -d /etc/dirsrv/slapd-DOMAIN-COM
# certutil -L -d /etc/httpd/alias
# grep NSSNickname /etc/httpd/conf.d/nss.conf
rob
yes
[root@ipa ~]# certutil -L -d /etc/dirsrv/slapd-DOMAIN-COM
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Server-Cert u,u,u
DOMAIN.COM IPA CA CT,,C
[root@ipa ~]# certutil -L -d /etc/httpd/alias
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Signing-Cert u,u,u
DOMAIN.COM IPA CA CT,C,C
ipaCert u,u,u
Server-Cert u,u,u
[root@ipa ~]# grep NSSNickname /etc/httpd/conf.d/nss.conf
NSSNickname Server-Cert