When I recently updated one of my IPA servers (it reports 4.5.0-21.el7_4.1.2 in yum), the result was that it could not start back up because pki-tomcatd kept failing.  I was able to get it running for now by ignoring the failure of that one service, but I haven't been able to determine the cause.  The logs are pretty quiet on this one.  They show the failure itself, but not information that helps me fix the problem.  It also appears to be causing some weird UI issues.  Without the certificate stuff working I can't add any new replicas as CAs because it can't send the needed info to the new server.

I have talked a little bit with Rob Crittenden about this but always run into an impasse when trying to find the debug logs.

On Thu, Oct 26, 2017 at 10:25 AM, Florence Blanc-Renaud <flo@redhat.com> wrote:
On 10/26/2017 04:58 PM, Kristian Petersen via FreeIPA-users wrote:
I am having problems with the server that currently is my main CA and was considering trying to switch that function to a different server.  I have tried some of the stuff I found online but the CA role can't be enabled on another server because it is broken on the one that has it right now.  Hence the operation fails.  Any other ideas on how to resolve this?  It is OK if I have to abandon my old certificates and generate entirely new ones on the new CA server.

--
Kristian Petersen
System Administrator
Dept. of Chemistry and Biochemistry



Hi,

which issues do you currently have with the CA? Maybe we can help fix the CA first.

Flo



--
Kristian Petersen
System Administrator
Dept. of Chemistry and Biochemistry