[Freeipa-users] Failure decoding Certificate Signing Request
Thomson, Ryan
ryan.thomson at ubc.ca
Fri Oct 25 16:22:54 UTC 2013
> -----Original Message-----
> From: Rob Crittenden [mailto:rcritten at redhat.com]
> Sent: Thursday, October 24, 2013 11:41 AM
> To: Thomson, Ryan; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Failure decoding Certificate Signing Request
>
> Thomson, Ryan wrote:
> >> -----Original Message-----
> >> From: Rob Crittenden [mailto:rcritten at redhat.com]
> >> Sent: Wednesday, October 23, 2013 6:58 PM
> >> To: Thomson, Ryan; freeipa-users at redhat.com
> >> Subject: Re: [Freeipa-users] Failure decoding Certificate Signing
> >> Request
> >>
> >> I think this still points to NSS not being initialized. The way we
> >> currently use NSS in the server is Apache fires things up using
> >> mod_nss, then because we are a child of Apache via mod_wsgi, we
> >> inherit the open NSS database in /etc/httpd/alias. This gives us the
> >> CA cert and the client cert we need in order to talk to dogtag.
> >>
> >> What I thought, and the excellent debugging above confirms, is that
> >> at some point the NSS database is being shut down. At some point we
> >> need to do some crypto and try to initialize it ourselves to no
> >> avail. We shouldn't ever need to do it in the server and thus don't
> >> have access to PINs and such because we don't need them. We do
> >> initialize things from time to time on the client side but we tend to
> >> do a database-less initialization (nss_init_nodb()).
> >>
> >> I'm not really sure what this tells us though. It would appear that
> >> SSL is working in Apache, because you are able to get far enough to
> >> make a request and have it fail. So the NSS database is still
> >> initialized in Apache, but for some reason the wsgi code doesn't seem to
> agree.
> >>
> >> Would it be possible for you to stop and restart Apache and run some
> >> simple IPA command like ipa user-show admin (and let me know if it
> succeeds)?
> >> Then send me the error_log?
> >>
> >> If you are in SELinux enforcing mode it would also be helpful to
> >> check for any AVCs. Maybe we simply can't access the database.
> >>
> >> thanks
> >>
> >> rob
> >
> > I am able to stop/wait/start apache and then execute "ipa user-show
> admin" successfully.
> >
>
> Ok, let's try a couple more things.
>
> Can you set LogLevel debug in /etc/httpd/conf.d/nss.conf and restart
> Apache again? This may give us more information on what mod_nss is doing.
>
> Next, lets try a different cert command that should also invoke the NSS client
> within IPA:
>
> $ ipa cert-show 22
>
> Can you describe your environment? Do you have multiple IPA masters? Was
> this a new install at 3.0 or is it an upgrade from 2.2?
>
> rob
The environment is simple: Single master, upgraded from 2.2.
Output in /var/log/httpd/error_log after setting LogLevel to debug in /etc/httpd/conf.d/nss.conf and restarting apache:
[Sat Oct 05 00:04:25 2013] [notice] caught SIGTERM, shutting down
[Sat Oct 05 00:04:26 2013] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Sat Oct 05 00:04:26 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Oct 05 00:04:26 2013] [info] Configuring server for SSL protocol
[Sat Oct 05 00:04:26 2013] [debug] nss_engine_init.c(684): NSSProtocol: Enabling SSL3
[Sat Oct 05 00:04:26 2013] [debug] nss_engine_init.c(697): NSSProtocol: Enabling TLSv1.0
[Sat Oct 05 00:04:26 2013] [debug] nss_engine_init.c(751): NSSProtocol: [SSL 3.0] (minimum)
[Sat Oct 05 00:04:26 2013] [debug] nss_engine_init.c(783): NSSProtocol: [TLS 1.0] (maximum)
[Sat Oct 05 00:04:26 2013] [debug] nss_engine_init.c(983): NSSCipherSuite: Configuring permitted SSL ciphers [+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha]
[Sat Oct 05 00:04:26 2013] [info] Using nickname Server-Cert.
[Sat Oct 05 00:04:26 2013] [notice] Digest: generating secret for digest authentication ...
[Sat Oct 05 00:04:26 2013] [notice] Digest: done
[Sat Oct 05 00:04:26 2013] [debug] proxy_util.c(1818): proxy: worker ajp://localhost:9447 already initialized
[Sat Oct 05 00:04:26 2013] [debug] proxy_util.c(1818): proxy: worker ajp://localhost:9447 already initialized
[Sat Oct 05 00:04:26 2013] [debug] proxy_util.c(1818): proxy: worker ajp://localhost:9447 already initialized
[Sat Oct 05 00:04:26 2013] [debug] proxy_util.c(1818): proxy: worker ajp://localhost:9447 already initialized
[Sat Oct 05 00:04:26 2013] [notice] Apache/2.2.15 (Unix) DAV/2 mod_auth_kerb/5.4 mod_nss/2.2.15 NSS/3.14.0.0 Basic ECC PHP/5.3.14 mod_wsgi/3.2 Python/2.6.6 configured -- resuming normal operations
[Sat Oct 05 00:04:26 2013] [debug] proxy_util.c(1818): proxy: worker ajp://localhost:9447 already initialized
[Sat Oct 05 00:04:26 2013] [debug] proxy_util.c(1818): proxy: worker ajp://localhost:9447 already initialized
[Sat Oct 05 00:04:26 2013] [debug] proxy_util.c(1818): proxy: worker ajp://localhost:9447 already initialized
[Sat Oct 05 00:04:26 2013] [debug] proxy_util.c(1818): proxy: worker ajp://localhost:9447 already initialized
[Sat Oct 05 00:04:27 2013] [info] Configuring server for SSL protocol
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(684): NSSProtocol: Enabling SSL3
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(697): NSSProtocol: Enabling TLSv1.0
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(751): NSSProtocol: [SSL 3.0] (minimum)
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(783): NSSProtocol: [TLS 1.0] (maximum)
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(983): NSSCipherSuite: Configuring permitted SSL ciphers [+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha]
[Sat Oct 05 00:04:27 2013] [info] Using nickname Server-Cert.
[Sat Oct 05 00:04:27 2013] [info] Configuring server for SSL protocol
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(684): NSSProtocol: Enabling SSL3
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(697): NSSProtocol: Enabling TLSv1.0
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(751): NSSProtocol: [SSL 3.0] (minimum)
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(783): NSSProtocol: [TLS 1.0] (maximum)
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(983): NSSCipherSuite: Configuring permitted SSL ciphers [+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha]
[Sat Oct 05 00:04:27 2013] [info] Using nickname Server-Cert.
[Sat Oct 05 00:04:27 2013] [info] Configuring server for SSL protocol
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(684): NSSProtocol: Enabling SSL3
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(697): NSSProtocol: Enabling TLSv1.0
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(751): NSSProtocol: [SSL 3.0] (minimum)
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(783): NSSProtocol: [TLS 1.0] (maximum)
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(983): NSSCipherSuite: Configuring permitted SSL ciphers [+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha]
[Sat Oct 05 00:04:27 2013] [info] Using nickname Server-Cert.
[Sat Oct 05 00:04:27 2013] [info] Configuring server for SSL protocol
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(684): NSSProtocol: Enabling SSL3
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(697): NSSProtocol: Enabling TLSv1.0
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(751): NSSProtocol: [SSL 3.0] (minimum)
[Sat Oct 05 00:04:27 2013] [info] Configuring server for SSL protocol
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(684): NSSProtocol: Enabling SSL3
[Sat Oct 05 00:04:27 2013] [info] Configuring server for SSL protocol
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(783): NSSProtocol: [TLS 1.0] (maximum)
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(983): NSSCipherSuite: Configuring permitted SSL ciphers [+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha]
[Sat Oct 05 00:04:27 2013] [info] Using nickname Server-Cert.
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(697): NSSProtocol: Enabling TLSv1.0
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(751): NSSProtocol: [SSL 3.0] (minimum)
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(783): NSSProtocol: [TLS 1.0] (maximum)
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(983): NSSCipherSuite: Configuring permitted SSL ciphers [+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha]
[Sat Oct 05 00:04:27 2013] [info] Using nickname Server-Cert.
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(684): NSSProtocol: Enabling SSL3
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(697): NSSProtocol: Enabling TLSv1.0
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(751): NSSProtocol: [SSL 3.0] (minimum)
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(783): NSSProtocol: [TLS 1.0] (maximum)
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(983): NSSCipherSuite: Configuring permitted SSL ciphers [+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha]
[Sat Oct 05 00:04:27 2013] [info] Using nickname Server-Cert.
[Sat Oct 05 00:04:27 2013] [info] Configuring server for SSL protocol
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(684): NSSProtocol: Enabling SSL3
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(697): NSSProtocol: Enabling TLSv1.0
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(751): NSSProtocol: [SSL 3.0] (minimum)
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(783): NSSProtocol: [TLS 1.0] (maximum)
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(983): NSSCipherSuite: Configuring permitted SSL ciphers [+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha]
[Sat Oct 05 00:04:27 2013] [info] Using nickname Server-Cert.
[Sat Oct 05 00:04:27 2013] [info] Configuring server for SSL protocol
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(684): NSSProtocol: Enabling SSL3
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(697): NSSProtocol: Enabling TLSv1.0
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(751): NSSProtocol: [SSL 3.0] (minimum)
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(783): NSSProtocol: [TLS 1.0] (maximum)
[Sat Oct 05 00:04:27 2013] [debug] nss_engine_init.c(983): NSSCipherSuite: Configuring permitted SSL ciphers [+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha]
[Sat Oct 05 00:04:27 2013] [info] Using nickname Server-Cert.
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'...
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'...
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: args=klist -V
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: stdout=Kerberos 5 version 1.10.3
[Sat Oct 05 00:04:28 2013] [error]
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: stderr=
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: args=klist -V
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: stdout=Kerberos 5 version 1.10.3
[Sat Oct 05 00:04:28 2013] [error]
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: stderr=
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing all plugin modules in '/usr/lib/python2.6/site-packages/ipaserver/plugins'...
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/dogtag.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing all plugin modules in '/usr/lib/python2.6/site-packages/ipaserver/plugins'...
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/dogtag.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/join.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/join.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/rabase.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/selfsign.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: skipping plugin module ipaserver.plugins.selfsign: selfsign is not selected as RA plugin, it is dogtag
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/xmlserver.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/rabase.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/selfsign.py'
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: skipping plugin module ipaserver.plugins.selfsign: selfsign is not selected as RA plugin, it is dogtag
[Sat Oct 05 00:04:28 2013] [error] ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipaserver/plugins/xmlserver.py'
[Sat Oct 05 00:04:29 2013] [error] ipa: DEBUG: SessionAuthManager.register: name=jsonserver_session
[Sat Oct 05 00:04:29 2013] [error] ipa: DEBUG: SessionAuthManager.register: name=jsonserver_session
[Sat Oct 05 00:04:29 2013] [error] ipa: DEBUG: SessionAuthManager.register: name=xmlserver_session
[Sat Oct 05 00:04:29 2013] [error] ipa: DEBUG: SessionAuthManager.register: name=xmlserver_session
[Sat Oct 05 00:04:29 2013] [error] ipa: DEBUG: Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json'
[Sat Oct 05 00:04:29 2013] [error] ipa: DEBUG: Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json'
[Sat Oct 05 00:04:29 2013] [error] ipa: DEBUG: Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json'
[Sat Oct 05 00:04:29 2013] [error] ipa: DEBUG: Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json'
[Sat Oct 05 00:04:29 2013] [error] ipa: DEBUG: Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml'
[Sat Oct 05 00:04:29 2013] [error] ipa: DEBUG: Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml'
[Sat Oct 05 00:04:29 2013] [error] ipa: DEBUG: Mounting ipaserver.rpcserver.xmlserver() at '/xml'
[Sat Oct 05 00:04:29 2013] [error] ipa: DEBUG: Mounting ipaserver.rpcserver.xmlserver() at '/xml'
[Sat Oct 05 00:04:30 2013] [error] ipa: DEBUG: session_auth_duration: 0:20:00
[Sat Oct 05 00:04:30 2013] [error] ipa: DEBUG: session_auth_duration: 0:20:00
[Sat Oct 05 00:04:30 2013] [error] ipa: DEBUG: session_auth_duration: 0:20:00
[Sat Oct 05 00:04:30 2013] [error] ipa: DEBUG: session_auth_duration: 0:20:00
[Sat Oct 05 00:04:30 2013] [error] ipa: DEBUG: session_auth_duration: 0:20:00
[Sat Oct 05 00:04:30 2013] [error] ipa: DEBUG: session_auth_duration: 0:20:00
[Sat Oct 05 00:04:30 2013] [error] ipa: DEBUG: Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos'
[Sat Oct 05 00:04:30 2013] [error] ipa: DEBUG: Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos'
[Sat Oct 05 00:04:30 2013] [error] ipa: DEBUG: session_auth_duration: 0:20:00
[Sat Oct 05 00:04:30 2013] [error] ipa: DEBUG: session_auth_duration: 0:20:00
[Sat Oct 05 00:04:30 2013] [error] ipa: DEBUG: session_auth_duration: 0:20:00
[Sat Oct 05 00:04:30 2013] [error] ipa: DEBUG: session_auth_duration: 0:20:00
[Sat Oct 05 00:04:31 2013] [error] ipa: DEBUG: Mounting ipaserver.rpcserver.login_password() at '/session/login_password'
[Sat Oct 05 00:04:31 2013] [error] ipa: DEBUG: Mounting ipaserver.rpcserver.login_password() at '/session/login_password'
[Sat Oct 05 00:04:31 2013] [error] ipa: DEBUG: session_auth_duration: 0:20:00
[Sat Oct 05 00:04:31 2013] [error] ipa: DEBUG: session_auth_duration: 0:20:00
[Sat Oct 05 00:04:31 2013] [error] ipa: DEBUG: Mounting ipaserver.rpcserver.change_password() at '/session/change_password'
[Sat Oct 05 00:04:31 2013] [error] ipa: DEBUG: Mounting ipaserver.rpcserver.change_password() at '/session/change_password'
[Sat Oct 05 00:04:31 2013] [error] ipa: INFO: *** PROCESS START ***
[Sat Oct 05 00:04:31 2013] [error] ipa: INFO: *** PROCESS START ***
Command output from "ipa cert-show 22":
root at HOSTNAME:~
# ipa cert-show 22
ipa: DEBUG: importing all plugin modules in '/usr/lib/python2.6/site-packages/ipalib/plugins'...
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/aci.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automember.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/automount.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/baseldap.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/batch.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/config.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/dns.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/group.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacrule.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvc.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbacsvcgroup.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hbactest.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/host.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/hostgroup.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/idrange.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/internal.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/kerberos.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/krbtpolicy.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/migration.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/misc.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/netgroup.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/passwd.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/permission.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/ping.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/privilege.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/pwpolicy.py'
ipa: DEBUG: args=klist -V
ipa: DEBUG: stdout=Kerberos 5 version 1.10.3
ipa: DEBUG: stderr=
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/role.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selfservice.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/selinuxusermap.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/service.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmd.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudocmdgroup.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/sudorule.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/trust.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/user.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/virtual.py'
ipa: DEBUG: importing plugin module '/usr/lib/python2.6/site-packages/ipalib/plugins/xmlclient.py'
ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:admin at FULLY.QUALIFIED.DOMAIN
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=keyctl_search: Required key not available
ipa: DEBUG: failed to find session_cookie in persistent storage for principal 'admin at FULLY.QUALIFIED.DOMAIN'
ipa: INFO: trying https://HOSTNAME.DOMAIN/ipa/xml
ipa: DEBUG: Created connection context.xmlclient
ipa: DEBUG: raw: cert_show(u'22')
ipa: DEBUG: cert_show(u'22')
ipa: INFO: Forwarding 'cert_show' to server u'https://HOSTNAME.DOMAIN/ipa/xml'
ipa: DEBUG: NSSConnection init HOSTNAME.DOMAIN
ipa: DEBUG: Connecting: 142.103.89.209:0
ipa: DEBUG: auth_certificate_callback: check_sig=True is_server=False
Data:
Version: 3 (0x2)
Serial Number: 22 (0x16)
Signature Algorithm:
Algorithm: PKCS #1 SHA-256 With RSA Encryption
Issuer: CN=Certificate Authority,O=FULLY.QUALIFIED.DOMAIN
Validity:
Not Before: Thu Apr 11 23:23:18 2013 UTC
Not After: Tue Oct 08 23:23:18 2013 UTC
Subject: CN=HOSTNAME.DOMAIN,O=FULLY.QUALIFIED.DOMAIN
Subject Public Key Info:
Public Key Algorithm:
Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
b0:b0:50:1f:e9:72:26:d5:dd:ff:70:ba:66:bb:a6:90:
bf:02:e9:7f:9b:73:10:9b:d9:a5:84:f7:34:c6:ed:03:
ca:48:11:5e:50:9d:19:9f:22:24:8a:17:35:69:d0:69:
0e:f7:a8:37:2d:46:11:98:5e:df:a8:2c:93:96:a7:66:
e4:3d:20:c1:72:e2:94:46:36:0b:84:44:2e:94:a9:98:
7a:da:1d:3a:f0:13:53:47:0d:b1:30:21:9d:55:a8:32:
09:be:c6:d3:98:2e:6c:a1:a1:34:02:9a:7f:df:ba:4b:
f1:c9:10:c4:0b:70:e7:08:de:98:24:c4:a6:d2:4a:e5:
0c:41:e7:f6:80:a5:7a:25:b7:8d:0e:b9:aa:b7:ff:4f:
cd:85:b5:3e:1c:e0:6f:83:e5:c1:86:ec:e0:6f:dd:f2:
3a:6b:60:ce:3f:63:46:9a:75:5e:e3:20:76:d3:36:53:
07:1f:34:77:a7:42:3e:58:0d:30:15:f6:47:e3:a2:d3:
46:b0:cf:62:1b:00:2a:28:18:39:5c:35:3b:ff:c6:7a:
c2:9d:08:75:17:92:d3:7f:58:6d:c8:bc:55:c3:6f:3e:
17:f7:55:bf:e6:3c:af:cc:8a:18:59:f1:46:50:07:36:
09:38:87:4b:38:67:44:f6:b6:bb:cf:f0:af:88:30:5f
Exponent:
65537 (0x10001)
Signed Extensions: (5)
Name: Certificate Authority Key Identifier
Critical: False
Key ID:
3a:41:f5:c1:b7:ff:bb:79:13:d1:23:92:61:16:fc:7d:
a7:d1:82:d2
Serial Number: None
General Names: [0 total]
Name: Authority Information Access
Critical: False
Name: Certificate Key Usage
Critical: True
Usages:
Digital Signature
Non-Repudiation
Key Encipherment
Data Encipherment
Name: Extended Key Usage
Critical: False
Usages:
TLS Web Server Authentication Certificate
Name: Certificate Subject Key ID
Critical: False
Data:
e0:56:1f:d5:73:7c:5f:7f:60:5e:d7:3c:88:43:8d:97:
b7:f5:fb:24
Signature:
Signature Algorithm:
Algorithm: PKCS #1 SHA-256 With RSA Encryption
Signature:
85:60:83:4c:d5:80:28:9c:ec:69:b0:26:7a:4f:fc:99:
e1:4e:3d:78:54:59:d7:46:b3:cf:fb:81:8e:16:67:18:
b4:c4:98:3f:16:54:05:ef:6e:79:5f:62:81:65:e3:a8:
e7:7b:68:12:25:1f:af:dc:bf:3a:f7:74:72:9d:1d:51:
ae:e8:12:73:4c:a8:19:ad:54:03:22:a6:c0:56:29:1a:
cc:70:81:5e:fb:38:c0:f7:16:d5:9b:34:2c:16:43:84:
b3:7f:bb:86:83:fd:9a:d7:f5:67:a8:f4:c3:33:58:5e:
89:7a:f6:9f:a8:d7:b6:f9:0b:47:d7:6e:46:53:32:63:
e6:da:23:54:89:bc:4f:12:16:6d:eb:d4:f0:55:08:46:
64:69:46:55:20:90:ab:61:c4:f2:b6:d5:50:b5:48:07:
c0:f9:da:8e:fb:dd:53:e6:9f:1f:4e:d9:ec:af:a6:ad:
75:76:75:e4:b7:b3:ad:56:52:66:f4:9b:71:0d:b1:92:
a1:fc:16:c7:66:41:dd:b4:2f:df:34:ed:ad:29:26:40:
4f:85:a5:98:2c:9b:f0:18:42:3d:97:aa:73:16:3b:ac:
48:a9:8c:af:77:b3:24:d0:0d:07:ff:11:79:a9:24:a8:
2a:08:bd:e1:84:e3:6a:6f:2c:8e:62:78:8e:86:95:73
Fingerprint (MD5):
27:7d:ec:86:4f:07:65:9f:27:1e:eb:c4:af:9b:b0:b1
Fingerprint (SHA1):
df:60:7a:1b:54:22:bd:f2:2c:ea:ee:51:17:23:ae:2d:
f2:57:69:88
ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer
ipa: DEBUG: cert valid True for "CN=HOSTNAME.DOMAIN,O=FULLY.QUALIFIED.DOMAIN"
ipa: DEBUG: handshake complete, peer = 142.103.89.209:443
ipa: DEBUG: received Set-Cookie 'ipa_session=770312911f588dc88e3d5847a28b3344; Domain=HOSTNAME.DOMAIN; Path=/ipa; Expires=Sat, 05 Oct 2013 07:45:45 GMT; Secure; HttpOnly'
ipa: DEBUG: storing cookie 'ipa_session=770312911f588dc88e3d5847a28b3344; Domain=HOSTNAME.DOMAIN; Path=/ipa; Expires=Sat, 05 Oct 2013 07:45:45 GMT; Secure; HttpOnly' for principal admin at FULLY.QUALIFIED.DOMAIN
ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:admin at FULLY.QUALIFIED.DOMAIN
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=keyctl_search: Required key not available
ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:admin at FULLY.QUALIFIED.DOMAIN
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=keyctl_search: Required key not available
ipa: DEBUG: args=keyctl padd user ipa_session_cookie:admin at FULLY.QUALIFIED.DOMAIN @s
ipa: DEBUG: stdout=109211408
ipa: DEBUG: stderr=
ipa: DEBUG: Caught fault 4301 from server https://HOSTNAME.DOMAIN/ipa/xml: Certificate operation cannot be completed: EXCEPTION (You did not provide a valid certificate for this operation)
ipa: DEBUG: Destroyed connection context.xmlclient
ipa: ERROR: Certificate operation cannot be completed: EXCEPTION (You did not provide a valid certificate for this operation)
Debug output from /var/log/httpd/error_log for "ipa cert-show 22" command:
[Sat Oct 05 00:25:44 2013] [info] Connection to child 3 established (server HOSTNAME.DOMAIN:443, client 142.103.89.209)
[Sat Oct 05 00:25:44 2013] [info] Initial (No.1) HTTPS request received for child 3 (server HOSTNAME.DOMAIN:443)
[Sat Oct 05 00:25:44 2013] [debug] src/mod_auth_kerb.c(1939): [client 142.103.89.209] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos, referer: https://HOSTNAME.DOMAIN/ipa/xml
[Sat Oct 05 00:25:44 2013] [debug] src/mod_auth_kerb.c(1278): [client 142.103.89.209] Acquiring creds for HTTP at HOSTNAME.DOMAIN, referer: https://HOSTNAME.DOMAIN/ipa/xml
[Sat Oct 05 00:25:44 2013] [debug] src/mod_auth_kerb.c(1472): [client 142.103.89.209] Credentials cache FILE:/tmp/krb5cc_48 not found, create one, referer: https://HOSTNAME.DOMAIN/ipa/xml
[Sat Oct 05 00:25:44 2013] [debug] src/mod_auth_kerb.c(1538): [client 142.103.89.209] Obtaining new credentials for HTTP/HOSTNAME.DOMAIN, referer: https://HOSTNAME.DOMAIN/ipa/xml
[Sat Oct 05 00:25:45 2013] [debug] src/mod_auth_kerb.c(1597): [client 142.103.89.209] Done obtaining credentials for s4u2proxy, referer: https://HOSTNAME.DOMAIN/ipa/xml
[Sat Oct 05 00:25:45 2013] [debug] src/mod_auth_kerb.c(1691): [client 142.103.89.209] Verifying client data using KRB5 GSS-API , referer: https://HOSTNAME.DOMAIN/ipa/xml
[Sat Oct 05 00:25:45 2013] [debug] src/mod_auth_kerb.c(1707): [client 142.103.89.209] Client delegated us their credential, referer: https://HOSTNAME.DOMAIN/ipa/xml
[Sat Oct 05 00:25:45 2013] [debug] src/mod_auth_kerb.c(1726): [client 142.103.89.209] GSS-API token of length 156 bytes will be sent back, referer: https://HOSTNAME.DOMAIN/ipa/xml
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: WSGI wsgi_dispatch.__call__:
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: WSGI xmlserver.__call__:
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: Created connection context.ldap2
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: WSGI WSGIExecutioner.__call__:
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: raw: cert_show(u'22')
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: cert_show(u'22')
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: IPA: virtual verify retrieve certificate
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-FULLY-QUALIFIED-DOMAIN.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7fcb4aba03f8>
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: ipaserver.plugins.dogtag.ra.get_certificate()
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: https_request 'https://HOSTNAME.DOMAIN:443/ca/agent/ca/displayBySerial'
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: https_request post 'xml=true&serialNumber=22'
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: NSSConnection init HOSTNAME.DOMAIN
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: Connecting: 142.103.89.209:0
[Sat Oct 05 00:25:45 2013] [info] Connection to child 4 established (server HOSTNAME.DOMAIN:443, client 142.103.89.209)
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: auth_certificate_callback: check_sig=True is_server=False
[Sat Oct 05 00:25:45 2013] [error] Data:
[Sat Oct 05 00:25:45 2013] [error] Version: 3 (0x2)
[Sat Oct 05 00:25:45 2013] [error] Serial Number: 22 (0x16)
[Sat Oct 05 00:25:45 2013] [error] Signature Algorithm:
[Sat Oct 05 00:25:45 2013] [error] Algorithm: PKCS #1 SHA-256 With RSA Encryption
[Sat Oct 05 00:25:45 2013] [error] Issuer: CN=Certificate Authority,O=FULLY.QUALIFIED.DOMAIN
[Sat Oct 05 00:25:45 2013] [error] Validity:
[Sat Oct 05 00:25:45 2013] [error] Not Before: Thu Apr 11 23:23:18 2013 UTC
[Sat Oct 05 00:25:45 2013] [error] Not After: Tue Oct 08 23:23:18 2013 UTC
[Sat Oct 05 00:25:45 2013] [error] Subject: CN=HOSTNAME.DOMAIN,O=FULLY.QUALIFIED.DOMAIN
[Sat Oct 05 00:25:45 2013] [error] Subject Public Key Info:
[Sat Oct 05 00:25:45 2013] [error] Public Key Algorithm:
[Sat Oct 05 00:25:45 2013] [error] Algorithm: PKCS #1 RSA Encryption
[Sat Oct 05 00:25:45 2013] [error] RSA Public Key:
[Sat Oct 05 00:25:45 2013] [error] Modulus:
[Sat Oct 05 00:25:45 2013] [error] b0:b0:50:1f:e9:72:26:d5:dd:ff:70:ba:66:bb:a6:90:
[Sat Oct 05 00:25:45 2013] [error] bf:02:e9:7f:9b:73:10:9b:d9:a5:84:f7:34:c6:ed:03:
[Sat Oct 05 00:25:45 2013] [error] ca:48:11:5e:50:9d:19:9f:22:24:8a:17:35:69:d0:69:
[Sat Oct 05 00:25:45 2013] [error] 0e:f7:a8:37:2d:46:11:98:5e:df:a8:2c:93:96:a7:66:
[Sat Oct 05 00:25:45 2013] [error] e4:3d:20:c1:72:e2:94:46:36:0b:84:44:2e:94:a9:98:
[Sat Oct 05 00:25:45 2013] [error] 7a:da:1d:3a:f0:13:53:47:0d:b1:30:21:9d:55:a8:32:
[Sat Oct 05 00:25:45 2013] [error] 09:be:c6:d3:98:2e:6c:a1:a1:34:02:9a:7f:df:ba:4b:
[Sat Oct 05 00:25:45 2013] [error] f1:c9:10:c4:0b:70:e7:08:de:98:24:c4:a6:d2:4a:e5:
[Sat Oct 05 00:25:45 2013] [error] 0c:41:e7:f6:80:a5:7a:25:b7:8d:0e:b9:aa:b7:ff:4f:
[Sat Oct 05 00:25:45 2013] [error] cd:85:b5:3e:1c:e0:6f:83:e5:c1:86:ec:e0:6f:dd:f2:
[Sat Oct 05 00:25:45 2013] [error] 3a:6b:60:ce:3f:63:46:9a:75:5e:e3:20:76:d3:36:53:
[Sat Oct 05 00:25:45 2013] [error] 07:1f:34:77:a7:42:3e:58:0d:30:15:f6:47:e3:a2:d3:
[Sat Oct 05 00:25:45 2013] [error] 46:b0:cf:62:1b:00:2a:28:18:39:5c:35:3b:ff:c6:7a:
[Sat Oct 05 00:25:45 2013] [error] c2:9d:08:75:17:92:d3:7f:58:6d:c8:bc:55:c3:6f:3e:
[Sat Oct 05 00:25:45 2013] [error] 17:f7:55:bf:e6:3c:af:cc:8a:18:59:f1:46:50:07:36:
[Sat Oct 05 00:25:45 2013] [error] 09:38:87:4b:38:67:44:f6:b6:bb:cf:f0:af:88:30:5f
[Sat Oct 05 00:25:45 2013] [error] Exponent:
[Sat Oct 05 00:25:45 2013] [error] 65537 (0x10001)
[Sat Oct 05 00:25:45 2013] [error] Signed Extensions: (5)
[Sat Oct 05 00:25:45 2013] [error] Name: Certificate Authority Key Identifier
[Sat Oct 05 00:25:45 2013] [error] Critical: False
[Sat Oct 05 00:25:45 2013] [error] Key ID:
[Sat Oct 05 00:25:45 2013] [error] 3a:41:f5:c1:b7:ff:bb:79:13:d1:23:92:61:16:fc:7d:
[Sat Oct 05 00:25:45 2013] [error] a7:d1:82:d2
[Sat Oct 05 00:25:45 2013] [error] Serial Number: None
[Sat Oct 05 00:25:45 2013] [error] General Names: [0 total]
[Sat Oct 05 00:25:45 2013] [error]
[Sat Oct 05 00:25:45 2013] [error] Name: Authority Information Access
[Sat Oct 05 00:25:45 2013] [error] Critical: False
[Sat Oct 05 00:25:45 2013] [error]
[Sat Oct 05 00:25:45 2013] [error] Name: Certificate Key Usage
[Sat Oct 05 00:25:45 2013] [error] Critical: True
[Sat Oct 05 00:25:45 2013] [error] Usages:
[Sat Oct 05 00:25:45 2013] [error] Digital Signature
[Sat Oct 05 00:25:45 2013] [error] Non-Repudiation
[Sat Oct 05 00:25:45 2013] [error] Key Encipherment
[Sat Oct 05 00:25:45 2013] [error] Data Encipherment
[Sat Oct 05 00:25:45 2013] [error]
[Sat Oct 05 00:25:45 2013] [error] Name: Extended Key Usage
[Sat Oct 05 00:25:45 2013] [error] Critical: False
[Sat Oct 05 00:25:45 2013] [error] Usages:
[Sat Oct 05 00:25:45 2013] [error] TLS Web Server Authentication Certificate
[Sat Oct 05 00:25:45 2013] [error]
[Sat Oct 05 00:25:45 2013] [error] Name: Certificate Subject Key ID
[Sat Oct 05 00:25:45 2013] [error] Critical: False
[Sat Oct 05 00:25:45 2013] [error] Data:
[Sat Oct 05 00:25:45 2013] [error] e0:56:1f:d5:73:7c:5f:7f:60:5e:d7:3c:88:43:8d:97:
[Sat Oct 05 00:25:45 2013] [error] b7:f5:fb:24
[Sat Oct 05 00:25:45 2013] [error]
[Sat Oct 05 00:25:45 2013] [error] Certificate Trust Flags:
[Sat Oct 05 00:25:45 2013] [error] SSL Flags:
[Sat Oct 05 00:25:45 2013] [error] User
[Sat Oct 05 00:25:45 2013] [error] Email Flags:
[Sat Oct 05 00:25:45 2013] [error] User
[Sat Oct 05 00:25:45 2013] [error] Object Signing Flags:
[Sat Oct 05 00:25:45 2013] [error] User
[Sat Oct 05 00:25:45 2013] [error] Signature:
[Sat Oct 05 00:25:45 2013] [error] Signature Algorithm:
[Sat Oct 05 00:25:45 2013] [error] Algorithm: PKCS #1 SHA-256 With RSA Encryption
[Sat Oct 05 00:25:45 2013] [error] Signature:
[Sat Oct 05 00:25:45 2013] [error] 85:60:83:4c:d5:80:28:9c:ec:69:b0:26:7a:4f:fc:99:
[Sat Oct 05 00:25:45 2013] [error] e1:4e:3d:78:54:59:d7:46:b3:cf:fb:81:8e:16:67:18:
[Sat Oct 05 00:25:45 2013] [error] b4:c4:98:3f:16:54:05:ef:6e:79:5f:62:81:65:e3:a8:
[Sat Oct 05 00:25:45 2013] [error] e7:7b:68:12:25:1f:af:dc:bf:3a:f7:74:72:9d:1d:51:
[Sat Oct 05 00:25:45 2013] [error] ae:e8:12:73:4c:a8:19:ad:54:03:22:a6:c0:56:29:1a:
[Sat Oct 05 00:25:45 2013] [error] cc:70:81:5e:fb:38:c0:f7:16:d5:9b:34:2c:16:43:84:
[Sat Oct 05 00:25:45 2013] [error] b3:7f:bb:86:83:fd:9a:d7:f5:67:a8:f4:c3:33:58:5e:
[Sat Oct 05 00:25:45 2013] [error] 89:7a:f6:9f:a8:d7:b6:f9:0b:47:d7:6e:46:53:32:63:
[Sat Oct 05 00:25:45 2013] [error] e6:da:23:54:89:bc:4f:12:16:6d:eb:d4:f0:55:08:46:
[Sat Oct 05 00:25:45 2013] [error] 64:69:46:55:20:90:ab:61:c4:f2:b6:d5:50:b5:48:07:
[Sat Oct 05 00:25:45 2013] [error] c0:f9:da:8e:fb:dd:53:e6:9f:1f:4e:d9:ec:af:a6:ad:
[Sat Oct 05 00:25:45 2013] [error] 75:76:75:e4:b7:b3:ad:56:52:66:f4:9b:71:0d:b1:92:
[Sat Oct 05 00:25:45 2013] [error] a1:fc:16:c7:66:41:dd:b4:2f:df:34:ed:ad:29:26:40:
[Sat Oct 05 00:25:45 2013] [error] 4f:85:a5:98:2c:9b:f0:18:42:3d:97:aa:73:16:3b:ac:
[Sat Oct 05 00:25:45 2013] [error] 48:a9:8c:af:77:b3:24:d0:0d:07:ff:11:79:a9:24:a8:
[Sat Oct 05 00:25:45 2013] [error] 2a:08:bd:e1:84:e3:6a:6f:2c:8e:62:78:8e:86:95:73
[Sat Oct 05 00:25:45 2013] [error] Fingerprint (MD5):
[Sat Oct 05 00:25:45 2013] [error] 27:7d:ec:86:4f:07:65:9f:27:1e:eb:c4:af:9b:b0:b1
[Sat Oct 05 00:25:45 2013] [error] Fingerprint (SHA1):
[Sat Oct 05 00:25:45 2013] [error] df:60:7a:1b:54:22:bd:f2:2c:ea:ee:51:17:23:ae:2d:
[Sat Oct 05 00:25:45 2013] [error] f2:57:69:88
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: cert valid True for "CN=HOSTNAME.DOMAIN,O=FULLY.QUALIFIED.DOMAIN"
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: handshake complete, peer = 142.103.89.209:443
[Sat Oct 05 00:25:45 2013] [info] Initial (No.1) HTTPS request received for child 4 (server HOSTNAME.DOMAIN:443)
[Sat Oct 05 00:25:45 2013] [debug] nss_engine_kernel.c(314): Changed client verification type will force renegotiation
[Sat Oct 05 00:25:45 2013] [debug] nss_engine_io.c(947): [client 142.103.89.209] filling buffer
[Sat Oct 05 00:25:45 2013] [debug] nss_engine_io.c(998): [client 142.103.89.209] total of 24 bytes in buffer, eos=1
[Sat Oct 05 00:25:45 2013] [info] Requesting connection re-negotiation
[Sat Oct 05 00:25:45 2013] [debug] nss_engine_kernel.c(409): Performing full renegotiation: complete handshake protocol
[Sat Oct 05 00:25:45 2013] [debug] nss_engine_kernel.c(431): Awaiting re-negotiation handshake
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: auth_certificate_callback: check_sig=True is_server=False
[Sat Oct 05 00:25:45 2013] [error] Data:
[Sat Oct 05 00:25:45 2013] [error] Version: 3 (0x2)
[Sat Oct 05 00:25:45 2013] [error] Serial Number: 22 (0x16)
[Sat Oct 05 00:25:45 2013] [error] Signature Algorithm:
[Sat Oct 05 00:25:45 2013] [error] Algorithm: PKCS #1 SHA-256 With RSA Encryption
[Sat Oct 05 00:25:45 2013] [error] Issuer: CN=Certificate Authority,O=FULLY.QUALIFIED.DOMAIN
[Sat Oct 05 00:25:45 2013] [error] Validity:
[Sat Oct 05 00:25:45 2013] [error] Not Before: Thu Apr 11 23:23:18 2013 UTC
[Sat Oct 05 00:25:45 2013] [error] Not After: Tue Oct 08 23:23:18 2013 UTC
[Sat Oct 05 00:25:45 2013] [error] Subject: CN=HOSTNAME.DOMAIN,O=FULLY.QUALIFIED.DOMAIN
[Sat Oct 05 00:25:45 2013] [error] Subject Public Key Info:
[Sat Oct 05 00:25:45 2013] [error] Public Key Algorithm:
[Sat Oct 05 00:25:45 2013] [error] Algorithm: PKCS #1 RSA Encryption
[Sat Oct 05 00:25:45 2013] [error] RSA Public Key:
[Sat Oct 05 00:25:45 2013] [error] Modulus:
[Sat Oct 05 00:25:45 2013] [error] b0:b0:50:1f:e9:72:26:d5:dd:ff:70:ba:66:bb:a6:90:
[Sat Oct 05 00:25:45 2013] [error] bf:02:e9:7f:9b:73:10:9b:d9:a5:84:f7:34:c6:ed:03:
[Sat Oct 05 00:25:45 2013] [error] ca:48:11:5e:50:9d:19:9f:22:24:8a:17:35:69:d0:69:
[Sat Oct 05 00:25:45 2013] [error] 0e:f7:a8:37:2d:46:11:98:5e:df:a8:2c:93:96:a7:66:
[Sat Oct 05 00:25:45 2013] [error] e4:3d:20:c1:72:e2:94:46:36:0b:84:44:2e:94:a9:98:
[Sat Oct 05 00:25:45 2013] [error] 7a:da:1d:3a:f0:13:53:47:0d:b1:30:21:9d:55:a8:32:
[Sat Oct 05 00:25:45 2013] [error] 09:be:c6:d3:98:2e:6c:a1:a1:34:02:9a:7f:df:ba:4b:
[Sat Oct 05 00:25:45 2013] [error] f1:c9:10:c4:0b:70:e7:08:de:98:24:c4:a6:d2:4a:e5:
[Sat Oct 05 00:25:45 2013] [error] 0c:41:e7:f6:80:a5:7a:25:b7:8d:0e:b9:aa:b7:ff:4f:
[Sat Oct 05 00:25:45 2013] [error] cd:85:b5:3e:1c:e0:6f:83:e5:c1:86:ec:e0:6f:dd:f2:
[Sat Oct 05 00:25:45 2013] [error] 3a:6b:60:ce:3f:63:46:9a:75:5e:e3:20:76:d3:36:53:
[Sat Oct 05 00:25:45 2013] [error] 07:1f:34:77:a7:42:3e:58:0d:30:15:f6:47:e3:a2:d3:
[Sat Oct 05 00:25:45 2013] [error] 46:b0:cf:62:1b:00:2a:28:18:39:5c:35:3b:ff:c6:7a:
[Sat Oct 05 00:25:45 2013] [error] c2:9d:08:75:17:92:d3:7f:58:6d:c8:bc:55:c3:6f:3e:
[Sat Oct 05 00:25:45 2013] [error] 17:f7:55:bf:e6:3c:af:cc:8a:18:59:f1:46:50:07:36:
[Sat Oct 05 00:25:45 2013] [error] 09:38:87:4b:38:67:44:f6:b6:bb:cf:f0:af:88:30:5f
[Sat Oct 05 00:25:45 2013] [error] Exponent:
[Sat Oct 05 00:25:45 2013] [error] 65537 (0x10001)
[Sat Oct 05 00:25:45 2013] [error] Signed Extensions: (5)
[Sat Oct 05 00:25:45 2013] [error] Name: Certificate Authority Key Identifier
[Sat Oct 05 00:25:45 2013] [error] Critical: False
[Sat Oct 05 00:25:45 2013] [error] Key ID:
[Sat Oct 05 00:25:45 2013] [error] 3a:41:f5:c1:b7:ff:bb:79:13:d1:23:92:61:16:fc:7d:
[Sat Oct 05 00:25:45 2013] [error] a7:d1:82:d2
[Sat Oct 05 00:25:45 2013] [error] Serial Number: None
[Sat Oct 05 00:25:45 2013] [error] General Names: [0 total]
[Sat Oct 05 00:25:45 2013] [error]
[Sat Oct 05 00:25:45 2013] [error] Name: Authority Information Access
[Sat Oct 05 00:25:45 2013] [error] Critical: False
[Sat Oct 05 00:25:45 2013] [error]
[Sat Oct 05 00:25:45 2013] [error] Name: Certificate Key Usage
[Sat Oct 05 00:25:45 2013] [error] Critical: True
[Sat Oct 05 00:25:45 2013] [error] Usages:
[Sat Oct 05 00:25:45 2013] [error] Digital Signature
[Sat Oct 05 00:25:45 2013] [error] Non-Repudiation
[Sat Oct 05 00:25:45 2013] [error] Key Encipherment
[Sat Oct 05 00:25:45 2013] [error] Data Encipherment
[Sat Oct 05 00:25:45 2013] [error]
[Sat Oct 05 00:25:45 2013] [error] Name: Extended Key Usage
[Sat Oct 05 00:25:45 2013] [error] Critical: False
[Sat Oct 05 00:25:45 2013] [error] Usages:
[Sat Oct 05 00:25:45 2013] [error] TLS Web Server Authentication Certificate
[Sat Oct 05 00:25:45 2013] [error]
[Sat Oct 05 00:25:45 2013] [error] Name: Certificate Subject Key ID
[Sat Oct 05 00:25:45 2013] [error] Critical: False
[Sat Oct 05 00:25:45 2013] [error] Data:
[Sat Oct 05 00:25:45 2013] [error] e0:56:1f:d5:73:7c:5f:7f:60:5e:d7:3c:88:43:8d:97:
[Sat Oct 05 00:25:45 2013] [error] b7:f5:fb:24
[Sat Oct 05 00:25:45 2013] [error]
[Sat Oct 05 00:25:45 2013] [error] Certificate Trust Flags:
[Sat Oct 05 00:25:45 2013] [error] SSL Flags:
[Sat Oct 05 00:25:45 2013] [error] User
[Sat Oct 05 00:25:45 2013] [error] Email Flags:
[Sat Oct 05 00:25:45 2013] [error] User
[Sat Oct 05 00:25:45 2013] [error] Object Signing Flags:
[Sat Oct 05 00:25:45 2013] [error] User
[Sat Oct 05 00:25:45 2013] [error] Signature:
[Sat Oct 05 00:25:45 2013] [error] Signature Algorithm:
[Sat Oct 05 00:25:45 2013] [error] Algorithm: PKCS #1 SHA-256 With RSA Encryption
[Sat Oct 05 00:25:45 2013] [error] Signature:
[Sat Oct 05 00:25:45 2013] [error] 85:60:83:4c:d5:80:28:9c:ec:69:b0:26:7a:4f:fc:99:
[Sat Oct 05 00:25:45 2013] [error] e1:4e:3d:78:54:59:d7:46:b3:cf:fb:81:8e:16:67:18:
[Sat Oct 05 00:25:45 2013] [error] b4:c4:98:3f:16:54:05:ef:6e:79:5f:62:81:65:e3:a8:
[Sat Oct 05 00:25:45 2013] [error] e7:7b:68:12:25:1f:af:dc:bf:3a:f7:74:72:9d:1d:51:
[Sat Oct 05 00:25:45 2013] [error] ae:e8:12:73:4c:a8:19:ad:54:03:22:a6:c0:56:29:1a:
[Sat Oct 05 00:25:45 2013] [error] cc:70:81:5e:fb:38:c0:f7:16:d5:9b:34:2c:16:43:84:
[Sat Oct 05 00:25:45 2013] [error] b3:7f:bb:86:83:fd:9a:d7:f5:67:a8:f4:c3:33:58:5e:
[Sat Oct 05 00:25:45 2013] [error] 89:7a:f6:9f:a8:d7:b6:f9:0b:47:d7:6e:46:53:32:63:
[Sat Oct 05 00:25:45 2013] [error] e6:da:23:54:89:bc:4f:12:16:6d:eb:d4:f0:55:08:46:
[Sat Oct 05 00:25:45 2013] [error] 64:69:46:55:20:90:ab:61:c4:f2:b6:d5:50:b5:48:07:
[Sat Oct 05 00:25:45 2013] [error] c0:f9:da:8e:fb:dd:53:e6:9f:1f:4e:d9:ec:af:a6:ad:
[Sat Oct 05 00:25:45 2013] [error] 75:76:75:e4:b7:b3:ad:56:52:66:f4:9b:71:0d:b1:92:
[Sat Oct 05 00:25:45 2013] [error] a1:fc:16:c7:66:41:dd:b4:2f:df:34:ed:ad:29:26:40:
[Sat Oct 05 00:25:45 2013] [error] 4f:85:a5:98:2c:9b:f0:18:42:3d:97:aa:73:16:3b:ac:
[Sat Oct 05 00:25:45 2013] [error] 48:a9:8c:af:77:b3:24:d0:0d:07:ff:11:79:a9:24:a8:
[Sat Oct 05 00:25:45 2013] [error] 2a:08:bd:e1:84:e3:6a:6f:2c:8e:62:78:8e:86:95:73
[Sat Oct 05 00:25:45 2013] [error] Fingerprint (MD5):
[Sat Oct 05 00:25:45 2013] [error] 27:7d:ec:86:4f:07:65:9f:27:1e:eb:c4:af:9b:b0:b1
[Sat Oct 05 00:25:45 2013] [error] Fingerprint (SHA1):
[Sat Oct 05 00:25:45 2013] [error] df:60:7a:1b:54:22:bd:f2:2c:ea:ee:51:17:23:ae:2d:
[Sat Oct 05 00:25:45 2013] [error] f2:57:69:88
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: cert valid True for "CN=HOSTNAME.DOMAIN,O=FULLY.QUALIFIED.DOMAIN"
[Sat Oct 05 00:25:45 2013] [error] /usr/lib64/python2.6/getpass.py:83: GetPassWarning: Can not control echo on the terminal.
[Sat Oct 05 00:25:45 2013] [error] passwd = fallback_getpass(prompt, stream)
[Sat Oct 05 00:25:45 2013] [error] Warning: Password input may be echoed.
[Sat Oct 05 00:25:45 2013] [error] Enter password for internal:
[Sat Oct 05 00:25:45 2013] [error] exception in PK11 password callback
[Sat Oct 05 00:25:45 2013] [error] Traceback (most recent call last):
[Sat Oct 05 00:25:45 2013] [error] File "/usr/lib/python2.6/site-packages/ipapython/nsslib.py", line 229, in password_callback
[Sat Oct 05 00:25:45 2013] [error] return getpass.getpass("Enter password for %s: " % slot.token_name);
[Sat Oct 05 00:25:45 2013] [error] File "/usr/lib64/python2.6/getpass.py", line 83, in unix_getpass
[Sat Oct 05 00:25:45 2013] [error] passwd = fallback_getpass(prompt, stream)
[Sat Oct 05 00:25:45 2013] [error] File "/usr/lib64/python2.6/getpass.py", line 118, in fallback_getpass
[Sat Oct 05 00:25:45 2013] [error] return _raw_input(prompt, stream)
[Sat Oct 05 00:25:45 2013] [error] File "/usr/lib64/python2.6/getpass.py", line 135, in _raw_input
[Sat Oct 05 00:25:45 2013] [error] raise EOFError
[Sat Oct 05 00:25:45 2013] [error] EOFError
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: handshake complete, peer = 142.103.89.209:443
[Sat Oct 05 00:25:45 2013] [debug] mod_proxy_ajp.c(45): proxy: AJP: canonicalising URL //localhost:9447/ca/agent/ca/displayBySerial
[Sat Oct 05 00:25:45 2013] [debug] proxy_util.c(1521): [client 142.103.89.209] proxy: ajp: found worker ajp://localhost:9447 for ajp://localhost:9447/ca/agent/ca/displayBySerial
[Sat Oct 05 00:25:45 2013] [debug] mod_proxy.c(1020): Running scheme ajp handler (attempt 0)
[Sat Oct 05 00:25:45 2013] [debug] mod_proxy_http.c(1952): proxy: HTTP: declining URL ajp://localhost:9447/ca/agent/ca/displayBySerial
[Sat Oct 05 00:25:45 2013] [debug] mod_proxy_ajp.c(709): proxy: AJP: serving URL ajp://localhost:9447/ca/agent/ca/displayBySerial
[Sat Oct 05 00:25:45 2013] [debug] proxy_util.c(2026): proxy: AJP: has acquired connection for (localhost)
[Sat Oct 05 00:25:45 2013] [debug] proxy_util.c(2082): proxy: connecting ajp://localhost:9447/ca/agent/ca/displayBySerial to localhost:9447
[Sat Oct 05 00:25:45 2013] [debug] proxy_util.c(2209): proxy: connected /ca/agent/ca/displayBySerial to localhost:9447
[Sat Oct 05 00:25:45 2013] [debug] proxy_util.c(2460): proxy: AJP: fam 2 socket created to connect to localhost
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(224): Into ajp_marshal_into_msgb
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(290): ajp_marshal_into_msgb: Header[0] [Host] = [HOSTNAME.DOMAIN]
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(290): ajp_marshal_into_msgb: Header[1] [Accept-Encoding] = [identity]
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(290): ajp_marshal_into_msgb: Header[2] [Content-Length] = [24]
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(290): ajp_marshal_into_msgb: Header[3] [Content-type] = [application/x-www-form-urlencoded]
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(290): ajp_marshal_into_msgb: Header[4] [Accept] = [text/plain]
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(450): ajp_marshal_into_msgb: Done
[Sat Oct 05 00:25:45 2013] [debug] nss_engine_io.c(1030): [client 142.103.89.209] read from buffered SSL brigade, mode 0, 8186 bytes
[Sat Oct 05 00:25:45 2013] [debug] nss_engine_io.c(1092): [client 142.103.89.209] buffered SSL brigade now exhausted; removing filter
[Sat Oct 05 00:25:45 2013] [debug] mod_proxy_ajp.c(269): proxy: APR_BUCKET_IS_EOS
[Sat Oct 05 00:25:45 2013] [debug] mod_proxy_ajp.c(274): proxy: data to read (max 8186 at 4)
[Sat Oct 05 00:25:45 2013] [debug] mod_proxy_ajp.c(289): proxy: got 24 bytes of data
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(687): ajp_read_header: ajp_ilink_received 04
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(697): ajp_parse_type: got 04
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(516): ajp_unmarshal_response: status = 200
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(537): ajp_unmarshal_response: Number of headers is = 2
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(599): ajp_unmarshal_response: Header[0] [Content-Type] = [application/xml]
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(609): ajp_unmarshal_response: ap_set_content_type done
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(599): ajp_unmarshal_response: Header[1] [Content-Length] = [274]
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(687): ajp_read_header: ajp_ilink_received 03
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(697): ajp_parse_type: got 03
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: parse_display_cert_xml() xml_text:
[Sat Oct 05 00:25:45 2013] [error] <?xml version="1.0" encoding="UTF-8" standalone="no"?><xml><header/><fixed><authorityName>Certificate Manager</authorityName><unexpectedError>You did not provide a valid certificate for this operation</unexpectedError><requestStatus>7</requestStatus></fixed><records/></xml>
[Sat Oct 05 00:25:45 2013] [error] parse_result:
[Sat Oct 05 00:25:45 2013] [error] {'request_status': 7, 'error_string': u'You did not provide a valid certificate for this operation', 'authority': u'Certificate Manager'}
[Sat Oct 05 00:25:45 2013] [error] ipa: ERROR: ipaserver.plugins.dogtag.ra.get_certificate(): EXCEPTION (You did not provide a valid certificate for this operation)
[Sat Oct 05 00:25:45 2013] [error] ipa: INFO: admin at FULLY.QUALIFIED.DOMAIN: cert_show(u'22'): CertificateOperationError
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: response: CertificateOperationError: Certificate operation cannot be completed: EXCEPTION (You did not provide a valid certificate for this operation)
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(687): ajp_read_header: ajp_ilink_received 05
[Sat Oct 05 00:25:45 2013] [debug] ajp_header.c(697): ajp_parse_type: got 05
[Sat Oct 05 00:25:45 2013] [debug] mod_proxy_ajp.c(616): proxy: got response from (null) (localhost)
[Sat Oct 05 00:25:45 2013] [debug] proxy_util.c(2044): proxy: AJP: has released connection for (localhost)
[Sat Oct 05 00:25:45 2013] [info] Connection to child 4 closed (server HOSTNAME.DOMAIN:443, client 142.103.89.209)
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: no session id in request, generating empty session data with id=770312911f588dc88e3d5847a28b3344
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: store session: session_id=770312911f588dc88e3d5847a28b3344 start_timestamp=2013-10-05T00:25:45 access_timestamp=2013-10-05T00:25:45 expiration_timestamp=1969-12-31T16:00:00
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: finalize_kerberos_acquisition: xmlserver ccache_name="FILE:/tmp/krb5cc_apache_iaPR3X" session_id="770312911f588dc88e3d5847a28b3344"
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: reading ccache data from file "/tmp/krb5cc_apache_iaPR3X"
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: get_credential_times: principal=HTTP/HOSTNAME.DOMAIN at FULLY.QUALIFIED.DOMAIN, authtime=10/05/13 00:24:59, starttime=10/05/13 00:25:14, endtime=10/06/13 00:24:42, renew_till=12/31/69 16:00:00
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: KRB5_CCache FILE:/tmp/krb5cc_apache_iaPR3X endtime=1381044282 (10/06/13 00:24:42)
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: set_session_expiration_time: duration_type=inactivity_timeout duration=1200 max_age=1381043982 expiration=1380959145.43 (2013-10-05T00:45:45)
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: store session: session_id=770312911f588dc88e3d5847a28b3344 start_timestamp=2013-10-05T00:25:45 access_timestamp=2013-10-05T00:25:45 expiration_timestamp=2013-10-05T00:45:45
[Sat Oct 05 00:25:45 2013] [error] ipa: DEBUG: Destroyed connection context.ldap2
[Sat Oct 05 00:25:45 2013] [info] Connection to child 3 closed (server HOSTNAME.DOMAIN:443, client 142.103.89.209)
I'm not sure what to make of this.
Thanks,
--Ryan
More information about the Freeipa-users
mailing list