ipaCert certificate cannot be updated with error "status: CA_UNREACHABLE" on IdM replica instance
Issue
While the certificates on the IdM primary server (the one that runs the PKI instance) have been renewed, on the replica the command:
# getcert list
For the ipaCert
certificate returns:
Request ID '20140101000000':
status: CA_UNREACHABLE
ca-error: Error 7 connecting to http://replica-idm.example.com:9180/ca/ee/ca/profileSubmit: Couldn't connect to server.
stuck: yes
key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=EXAMPLE.COM
subject: CN=IPA RA,O=EXAMPLE.COM
expires: 2013-12-01 00:00:00 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
Environment
Red Hat Enterprise Linux 6
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.