[Freeipa-users] slight problem when integrating certmonger with dogtag on fedora 21

marcin kowalski yoshi314 at gmail.com
Tue Feb 10 17:35:32 UTC 2015


Hi all, I'm getting dogtag figured out slowly, and I noticed one odd thing.

I've set up certmonger to request an arbitrary certificate through dogtag,
and while the request seems to go into the dogtag system, certmonger acts
as if communication with the CA failed. The certificate is considered in
need of user attention because the process got stuck.

Request ID '20150210125814':
	status: NEED_GUIDANCE
	stuck: yes
	key pair storage: type=FILE,location='/etc/pki/testkey'
	certificate: type=FILE,location='/etc/pki/testcert'
	CA: dogtag-ipa
	issuer:
	subject:
	expires: unknown
	pre-save command:
	post-save command:
	track: yes
	auto-renew: yes


[root@fedora pki]# systemctl status -l certmonger
(...)
lut 10 13:57:04 fedora.box.net certmonger[7845]: Request for certificate to be stored in file "/etc/pki/testcert" rejected by CA.

The request is present in dogtag and is valid, can be accepted/rejected,
etc., even though certmonger never notices that. I wonder if there is some
obvious mistake in my setup, or perhaps there is a known bug in the interaction
of both components on F21 (I'm using only standard repositories).

When I post the query from certmonger's agent defined in the CA definition
through curl, I get no errors.

What would be the best way to debug this issue?