ipaCert certificate cannot be updated with error "status: CA_UNREACHABLE" on IdM replica instance

Issue

Although the certificates on the IdM primary server (the one that runs the PKI instance) have been renewed, the following command, run on the replica:

# getcert list

returns this for the ipaCert certificate:

Request ID '20140101000000':
        status: CA_UNREACHABLE
        ca-error: Error 7 connecting to http://replica-idm.example.com:9180/ca/ee/ca/profileSubmit: Couldn't connect to server.
        stuck: yes
        key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
        certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
        CA: dogtag-ipa-renew-agent
        issuer: CN=Certificate Authority,O=EXAMPLE.COM
        subject: CN=IPA RA,O=EXAMPLE.COM
        expires: 2013-12-01 00:00:00 UTC
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes
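
A check for this condition across every tracked request, as an added example that is not part of the original article: it parses `getcert list` output and reports requests that are not in certmonger's normal MONITORING state, are marked stuck, or track an already expired certificate. The function names and the second sample request are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the request from this page plus one made-up healthy request.
SAMPLE = """\
Request ID '20140101000000':
        status: CA_UNREACHABLE
        ca-error: Error 7 connecting to http://replica-idm.example.com:9180/ca/ee/ca/profileSubmit: Couldn't connect to server.
        stuck: yes
        certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
        expires: 2013-12-01 00:00:00 UTC
Request ID '20140101000001':
        status: MONITORING
        stuck: no
        expires: 2030-01-01 00:00:00 UTC
"""

def parse_requests(text):
    """Split `getcert list` output into one dict of fields per request."""
    requests = []
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"Request ID '([^']+)':", line)
        if m:
            requests.append({"id": m.group(1)})
        elif requests and ":" in line:
            key, _, value = line.partition(":")  # split on the first colon only
            requests[-1][key.strip()] = value.strip()
    return requests

def find_problems(text, now=None):
    """Return (request id, nickname, reasons) for each request needing attention."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for req in parse_requests(text):
        reasons = []
        if req.get("status") != "MONITORING":  # anything else means renewal is not idle
            reasons.append("status=" + req.get("status", "unknown"))
        if req.get("stuck") == "yes":
            reasons.append("stuck")
        expires = req.get("expires")
        if expires and datetime.strptime(expires, "%Y-%m-%d %H:%M:%S UTC").replace(tzinfo=timezone.utc) <= now:
            reasons.append("expired " + expires)
        nick = re.search(r"nickname='([^']+)'", req.get("certificate", ""))
        if reasons:
            findings.append((req["id"], nick.group(1) if nick else None, reasons))
    return findings

if __name__ == "__main__":
    for rid, nick, reasons in find_problems(SAMPLE):
        print(rid, nick, "; ".join(reasons))
```

On a live replica, pass the text captured from `getcert list` to `find_problems()` instead of `SAMPLE`.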

Environment

Red Hat Enterprise Linux 6
