[Pki-users] getting NEED_TO_NOTIFY_ISSUED_SAVE_FAILED with dogtag-submit
Nalin Dahyabhai
nalin at redhat.com
Tue Apr 7 14:25:23 UTC 2015
On Sat, Apr 04, 2015 at 03:35:08PM -0500, Steve Neuharth wrote:
> hmmm. strange. I see that the cert is indeed being fetched and put into the
> request file in /var/lib/certmonger/requests. Why isn't it making it to the
> final destination in /tmp/getcert.crt?
>
> Verbose logging also tells me nothing about why it's not working but I do
> see this in /var/log/messages:
>
>
> *Apr 3 06:14:36 dogtag certmonger: Certificate in file "/tmp/getcert.crt"
> issued by CA but not saved.*
> ideas?
Check if the data coming back from the server has extra "noise" in front
of or after it -- or a blank line somewhere in between -- when it's
recorded in the request file in /var/lib/certmonger/requests. The logic
for saving to a file can get tripped up by that sort of problem, and it
doesn't crop up until we get to that step.
One of the things that happened as part of the SCEP work was that the
output from the helper is now cleaned up much more thoroughly by the
daemon before it's saved to its request file, so 0.77 won't have that
problem.
If that isn't the cause, running the daemon directly with its debugging
flags (I tend to use -d3 most often) should hopefully turn up some
details on what the cause of the error is.
HTH,
Nalin
More information about the Pki-users
mailing list