[Pki-users] getting NEED_TO_NOTIFY_ISSUED_SAVE_FAILED with dogtag-submit

Steve Neuharth steve at sylvation.com
Sat Apr 4 18:53:04 UTC 2015


Hello,

I'm using the following configuration with certmonger:







*id=Dogtagca_aka=Dogtag (certmonger
0.76.8)ca_is_default=0ca_type=EXTERNALca_external_helper=/usr/libexec/certmonger/dogtag-submit
-E https://dogtag.test.org:8443/ca/ee/ca
<https://dogtag.test.org:8443/ca/ee/ca> -A
https://dogtag.test.org:8443/ca/agent/ca
<https://dogtag.test.org:8443/ca/agent/ca> -i /root/ca.crt*
I'm able to submit a request like this:


*getcert request -k /tmp/getcert.key -f /tmp/getcert.crt -c Dogtag -D
foo.bar.org <http://foo.bar.org>*
but after I refresh the cert requests, it's in
NEED_TO_NOTIFY_ISSUED_SAVE_FAILED status and occasionally shows
START_SAVING_CERT status.














*Request ID '20150403093236':        status:
NEED_TO_NOTIFY_ISSUED_SAVE_FAILED        stuck: no        key pair storage:
type=FILE,location='/tmp/getcert.key'        certificate:
type=FILE,location='/tmp/getcert.crt'        CA: Dogtag
issuer:        subject:        expires: unknown        pre-save
command:        post-save command:        track: yes        auto-renew: yes*
selinux is set to 'permissive' and the perms on /tmp are 777. I cant thonk
of any other reason it would fail to save the cert.

--steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20150404/b0a4b33e/attachment.htm>


More information about the Pki-users mailing list