[Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

Natxo Asenjo natxo.asenjo at gmail.com
Wed Sep 7 13:45:59 UTC 2016


On Wed, Sep 7, 2016 at 3:27 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Natxo Asenjo wrote:
>
>> Hi,
>>
>> Using CentOS 6.8 (server and client), when trying to view some hosts we
>> get this error:
>>
>>
>> $ ipa host-find host-1920.sub.domain.tld
>> ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The
>> certificate/key database is in an old, unsupported format.
>>
>>
>> I saw a thread last year about this, but no solution.
>>
>> Any clues?
>>
>
> /var/log/httpd/error_log may contain a traceback


This made me take a look at a replica, and there I could not replicate the
error; I got the info I requested.

In the Apache error file I did indeed see a traceback:

[Sun Sep 04 03:21:31 2016] [error] ipa: ERROR: non-public: XMLSyntaxError: None
[Sun Sep 04 03:21:31 2016] [error] Traceback (most recent call last):
[Sun Sep 04 03:21:31 2016] [error]   File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 334, in wsgi_execute
[Sun Sep 04 03:21:31 2016] [error]     result = self.Command[name](*args, **options)
[Sun Sep 04 03:21:31 2016] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 438, in __call__
[Sun Sep 04 03:21:31 2016] [error]     ret = self.run(*args, **options)
[Sun Sep 04 03:21:31 2016] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 750, in run
[Sun Sep 04 03:21:31 2016] [error]     return self.execute(*args, **options)
[Sun Sep 04 03:21:31 2016] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py", line 362, in execute
[Sun Sep 04 03:21:31 2016] [error]     result = api.Command['cert_show'](unicode(serial))['result']
[Sun Sep 04 03:21:31 2016] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 438, in __call__
[Sun Sep 04 03:21:31 2016] [error]     ret = self.run(*args, **options)
[Sun Sep 04 03:21:31 2016] [error]   File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 750, in run
[Sun Sep 04 03:21:31 2016] [error]     return self.execute(*args, **options)
[Sun Sep 04 03:21:31 2016] [error]   File "/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py", line 493, in execute
[Sun Sep 04 03:21:31 2016] [error]     result=self.Backend.ra.get_certificate(serial_number)
[Sun Sep 04 03:21:31 2016] [error]   File "/usr/lib/python2.6/site-packages/ipaserver/plugins/dogtag.py", line 1489, in get_certificate
[Sun Sep 04 03:21:31 2016] [error]     parse_result = self.get_parse_result_xml(http_body, parse_display_cert_xml)
[Sun Sep 04 03:21:31 2016] [error]   File "/usr/lib/python2.6/site-packages/ipaserver/plugins/dogtag.py", line 1350, in get_parse_result_xml
[Sun Sep 04 03:21:31 2016] [error]     doc = etree.fromstring(xml_text, parser)
[Sun Sep 04 03:21:31 2016] [error]   File "lxml.etree.pyx", line 2532, in lxml.etree.fromstring (src/lxml/lxml.etree.c:48270)
[Sun Sep 04 03:21:31 2016] [error]   File "parser.pxi", line 1545, in lxml.etree._parseMemoryDocument (src/lxml/lxml.etree.c:71812)
[Sun Sep 04 03:21:31 2016] [error]   File "parser.pxi", line 1424, in lxml.etree._parseDoc (src/lxml/lxml.etree.c:70673)
[Sun Sep 04 03:21:31 2016] [error]   File "parser.pxi", line 938, in lxml.etree._BaseParser._parseDoc (src/lxml/lxml.etree.c:67442)
[Sun Sep 04 03:21:31 2016] [error]   File "parser.pxi", line 539, in lxml.etree._ParserContext._handleParseResultDoc (src/lxml/lxml.etree.c:63824)
[Sun Sep 04 03:21:31 2016] [error]   File "parser.pxi", line 625, in lxml.etree._handleParseResult (src/lxml/lxml.etree.c:64745)
[Sun Sep 04 03:21:31 2016] [error]   File "parser.pxi", line 576, in lxml.etree._raiseParseError (src/lxml/lxml.etree.c:64260)
[Sun Sep 04 03:21:31 2016] [error] XMLSyntaxError: None


Restarting httpd fixed the issue. Thanks!

Looking into Apache never occurred to me; FreeIPA really is a web service,
although it provides infrastructure services.

--
Groeten,
natxo
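
Added example, not part of the original message and not FreeIPA code: a small Python script that pulls tracebacks like the one above out of /var/log/httpd/error_log lines and reports the final exception and the last frame inside ipaserver/ipalib. The function names are hypothetical, and the sample input is a shortened copy of the traceback in this post with the wrapped lines rejoined.

```python
import re

# Apache 2.2 error_log prefix as it appears in the post:
# "[Sun Sep 04 03:21:31 2016] [error] <message>"
LINE = re.compile(r'^\s*\[(?P<ts>[^\]]+)\] \[error\] ?(?P<msg>.*)$')
FRAME = re.compile(r'^\s+File "(?P<path>[^"]+)", line (?P<line>\d+), in (?P<func>\S+)')

def extract_tracebacks(lines):
    """Group [error] lines into tracebacks: time, frames, final exception."""
    found, current = [], None
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue
        msg = m.group('msg')
        if msg.startswith('Traceback (most recent call last):'):
            current = {'time': m.group('ts'), 'frames': [], 'exception': None}
        elif current is not None:
            frame = FRAME.match(msg)
            if frame:
                current['frames'].append(
                    (frame.group('path'), int(frame.group('line')), frame.group('func')))
            elif msg and not msg[0].isspace():
                # First unindented line after the frames is the exception itself.
                current['exception'] = msg
                found.append(current)
                current = None
    return found

def deepest_ipa_frame(tb):
    """Last frame inside ipaserver/ipalib: the IPA code that called the failing library."""
    ipa = [f for f in tb['frames'] if '/ipaserver/' in f[0] or '/ipalib/' in f[0]]
    return ipa[-1] if ipa else None

# Constructed sample: shortened copy of the traceback in the post, wrapped lines rejoined.
SAMPLE = '''\
[Sun Sep 04 03:21:31 2016] [error] ipa: ERROR: non-public: XMLSyntaxError: None
[Sun Sep 04 03:21:31 2016] [error] Traceback (most recent call last):
[Sun Sep 04 03:21:31 2016] [error]   File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 334, in wsgi_execute
[Sun Sep 04 03:21:31 2016] [error]     result = self.Command[name](*args, **options)
[Sun Sep 04 03:21:31 2016] [error]   File "/usr/lib/python2.6/site-packages/ipaserver/plugins/dogtag.py", line 1350, in get_parse_result_xml
[Sun Sep 04 03:21:31 2016] [error]     doc = etree.fromstring(xml_text, parser)
[Sun Sep 04 03:21:31 2016] [error]   File "lxml.etree.pyx", line 2532, in lxml.etree.fromstring (src/lxml/lxml.etree.c:48270)
[Sun Sep 04 03:21:31 2016] [error] XMLSyntaxError: None
'''.splitlines()

if __name__ == '__main__':
    for tb in extract_tracebacks(SAMPLE):
        print(tb['time'], tb['exception'], deepest_ipa_frame(tb))
```

On the sample it reports the dogtag.py frame in get_parse_result_xml, which points at the CA response parsing rather than at the host lookup itself.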