Thanks for your reply. Here is the output of "kinit admin; ipa cert-show 1":
ipa: DEBUG: failed to find session_cookie in persistent storage for principal 'admin(a)ourorg.COM'
ipa: INFO: trying https://login1.ourorg.com/ipa/json
ipa: DEBUG: Created connection context.rpcclient_140248688553680
ipa: INFO: [try 1]: Forwarding 'schema' to json server 'https://login1.ourorg.com/ipa/json'
ipa: DEBUG: HTTP connection destroyed (login1.ourorg.com)
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 694, in single_request
    h = self.make_connection(host)
  File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 573, in make_connection
    conn.connect()
  File "/usr/lib64/python2.7/httplib.py", line 1275, in connect
    server_hostname=sni_hostname)
  File "/usr/lib64/python2.7/ssl.py", line 348, in wrap_socket
    _context=self)
  File "/usr/lib64/python2.7/ssl.py", line 609, in __init__
    self.do_handshake()
  File "/usr/lib64/python2.7/ssl.py", line 831, in do_handshake
    self._sslobj.do_handshake()
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
ipa: DEBUG: Destroyed connection context.rpcclient_140248688553680
ipa: ERROR: cannot connect to 'https://login1.ourorg.com/ipa/json': [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
And here is the output of "ipactl status". Note that, as I mentioned in the first post, the pki-tomcatd service was failing even before the certificates expired.
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
ntpd Service: RUNNING
pki-tomcatd Service: STOPPED
ipa-otpd Service: RUNNING
ipa: INFO: The ipactl command was successful