<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 02/10/2015 12:35 PM, marcin kowalski
wrote:<br>
</div>
<blockquote
cite="mid:CABKsJ=QDB7r-1MTiPJpyK2q81PYZrP1jrF0rfAPZesOp4mOfdg@mail.gmail.com"
type="cite">
<div dir="ltr">Hi all, i'm getting dogtag figured out slowly, and
i noticed one odd thing. <br>
<br>
I've setup certmonger to request an arbitrary certificate
through dogtag, and while the request seems to go into the
dogtag system, certmonger acts as if communication with the CA
failed. The certificate is considered in need of user attention
because the process got stuck.<br>
<br>
<p>Request ID ‘20150210125814’:<br>
status: NEED_GUIDANCE<br>
stuck: yes<br>
key pair storage: type=FILE,location=’/etc/pki/testkey’<br>
certificate: type=FILE,location=’/etc/pki/testcert’<br>
CA: dogtag-ipa<br>
issuer:<br>
subject:<br>
expires: unknown<br>
pre-save command:<br>
post-save command:<br>
track: yes<br>
auto-renew: yes<br>
</p>
<p><br>
</p>
<p>[root@fedora pki]# systemctl status -l certmonger<br>
(….)<br>
lut 10 13:57:04 <a moz-do-not-send="true"
href="http://fedora.box.net">fedora.box.net</a>
certmonger[7845]: Request for certificate to be stored in file
“/etc/pki/testcert” rejected by CA.</p>
<br>
The request is present in dogtag and is valid, can be
accepted/rejected, etc. Even though certmonger never notices
that. I wonder if there is some obvious mistake in my setup, or
perhaps there is known bug in interaction of both components on
F21 (i'm using only standard repositories). <br>
<br>
When i post the query from certmonger's agent defined in ca
definition through curl, i get no errors.<br>
<br>
What would be the best way to debug this issue?<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
Can you post your certmonger get-cert command?<br>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>