[Freeipa-users] Freeipa web UI: An error has occurred (IPA Error 4302: CertificateFormatError)

Rob Crittenden rcritten at redhat.com
Thu Apr 20 18:03:33 UTC 2017


Andrew Krause wrote:
> Sorry for the self bump but no one has any insight on this?
> 
> 
>> On Apr 17, 2017, at 11:31 AM, Andrew Krause <andrew.krause at breakthroughfuel.com> wrote:
>>
>> Many hosts in our web ui show a null status for “enrolled”.  When you do a search that includes any of these host objects the web UI posts errors, and if you click on one of the problem hosts the same error stops anything from loading on the host page.  
>>
>> I’ve been trying to solve this problem on my own for quite some time and have not been successful.  It’s impossible to remove the host through the web UI and using CLI commands seems to remove the entry from IPA (host is not found with ipa host-find), but it is still visible in the UI.  One thing that may be common with all of these hosts is that they were enrolled with our IPA system back while we were running version 3.0 and likely have had issues for quite some time.  Multiple updates have happened since then, and all of our hosts added within the last year are working fine.  I suspect there’s an issue with a path somewhere for a certificate database, but I’m unable to pinpoint what is going wrong.

It should not be possible to have different views in the UI and the CLI
since they make the same backend calls. What you'd want to do, hopefully
on a semi-quiet system, is to do a host-find on the CLI and then list
all hosts in the UI and compare the logs in /var/log/httpd/error_log and
look at the LDAP queries in /var/log/dirsrv/slapd-REALM/access (this is
a buffered log so be patient).

They should be doing more or less the exact same set of queries.

Very doubtful that this has anything to do with certs. Anything on the
client would be completely separate from what is on the server.

One thing you may be seeing though is that in 3.0 clients a host
certificate was obtained for it. This was dropped with 4.0, but it
wouldn't affect any visibility on the server.

rob
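
Added example, not part of the original message: one way to do the access-log comparison described above is to cut the slapd access log into the part written during the CLI host-find and the part written while the UI listed hosts, then diff the searches and their entry counts. It assumes the usual 389-ds `SRCH`/`RESULT` line layout; the function names and the sample lines (including `dc=example,dc=test`) are constructed for illustration.

```python
import re

# 389-ds access log lines look like:
#   [time] conn=N op=M SRCH base="..." scope=S filter="..." attrs=...
#   [time] conn=N op=M RESULT err=E tag=101 nentries=K etime=...
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) '
                  r'filter="(.*?)"(?: attrs=.*)?$')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT err=(\d+) .*?nentries=(\d+)')

def searches(lines):
    """Map each distinct (base, scope, filter) to the set of (err, nentries) it returned."""
    pending, seen = {}, {}
    for line in lines:
        line = line.rstrip()
        m = SRCH.search(line)
        if m:
            conn, op, base, scope, filt = m.groups()
            pending[conn, op] = (base.lower(), int(scope), filt)
            continue
        m = RESULT.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            key = pending.pop((m.group(1), m.group(2)))
            seen.setdefault(key, set()).add((int(m.group(3)), int(m.group(4))))
    return seen

def compare(cli_lines, ui_lines):
    """Searches issued by only one side, and shared searches whose results differ."""
    cli, ui = searches(cli_lines), searches(ui_lines)
    return {
        "only_cli": sorted(set(cli) - set(ui)),
        "only_ui": sorted(set(ui) - set(cli)),
        "different_results": sorted(k for k in set(cli) & set(ui) if cli[k] != ui[k]),
    }

# Constructed sample excerpts (not real IPA queries): one cut from the log while
# host-find ran, one while the UI host list loaded.
SUFFIX = "cn=computers,cn=accounts,dc=example,dc=test"
CLI_SAMPLE = [
    f'[20/Apr/2017:13:00:01 -0500] conn=41 op=2 SRCH base="{SUFFIX}" scope=1 filter="(fqdn=*)" attrs="fqdn"',
    '[20/Apr/2017:13:00:01 -0500] conn=41 op=2 RESULT err=0 tag=101 nentries=3 etime=0',
]
UI_SAMPLE = [
    f'[20/Apr/2017:13:05:09 -0500] conn=57 op=2 SRCH base="{SUFFIX}" scope=1 filter="(fqdn=*)" attrs="fqdn"',
    '[20/Apr/2017:13:05:09 -0500] conn=57 op=2 RESULT err=0 tag=101 nentries=5 etime=0',
    f'[20/Apr/2017:13:05:09 -0500] conn=57 op=3 SRCH base="fqdn=old1.example.test,{SUFFIX}" scope=0 filter="(objectClass=*)" attrs="userCertificate"',
    '[20/Apr/2017:13:05:09 -0500] conn=57 op=3 RESULT err=0 tag=101 nentries=1 etime=0',
]

if __name__ == "__main__":
    for kind, items in compare(CLI_SAMPLE, UI_SAMPLE).items():
        print(kind, items)
```

Because the access log is buffered, wait for both runs to be flushed before cutting the two excerpts.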



