[Freeipa-users] slight problem when integrating certmonger with dogtag on fedora 21
Dmitri Pal
dpal at redhat.com
Tue Feb 10 17:40:08 UTC 2015
On 02/10/2015 12:35 PM, marcin kowalski wrote:
> Hi all, i'm getting dogtag figured out slowly, and i noticed one odd
> thing.
>
> I've setup certmonger to request an arbitrary certificate through
> dogtag, and while the request seems to go into the dogtag system,
> certmonger acts as if communication with the CA failed. The
> certificate is considered in need of user attention because the
> process got stuck.
>
> Request ID '20150210125814':
> status: NEED_GUIDANCE
> stuck: yes
> key pair storage: type=FILE,location='/etc/pki/testkey'
> certificate: type=FILE,location='/etc/pki/testcert'
> CA: dogtag-ipa
> issuer:
> subject:
> expires: unknown
> pre-save command:
> post-save command:
> track: yes
> auto-renew: yes
>
>
> [root at fedora pki]# systemctl status -l certmonger
> (....)
> lut 10 13:57:04 fedora.box.net <http://fedora.box.net>
> certmonger[7845]: Request for certificate to be stored in file
> "/etc/pki/testcert" rejected by CA.
>
>
> The request is present in dogtag and is valid, can be
> accepted/rejected, etc. Even though certmonger never notices that. I
> wonder if there is some obvious mistake in my setup, or perhaps there
> is known bug in interaction of both components on F21 (i'm using only
> standard repositories).
>
> When i post the query from certmonger's agent defined in ca definition
> through curl, i get no errors.
>
> What would be the best way to debug this issue?
>
>
Can you post your certmonger get-cert command?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150210/6c456863/attachment.htm>
More information about the Freeipa-users
mailing list