A few details to begin:
The IPA system consists of 3 servers running on fully patched CentOS 6.5
(updated Monday night). DNS is integrated with the IPA system.
The system was upgraded from 2.2
Yesterday, I revoked a certificate for an old system and signed a certificate
for the replacement system (same hostname) with no apparent issues.
Today, I am attempting to sign a certificate for a new system and I am seeing
the following error from the command line (with debug=True in
ipa cert-request <csrfile>
ipa: ERROR: Certificate operation cannot be completed: Failure decoding
Certificate Signing Request
The GUI responds with:
IPA ERROR 4310
Certificate operation cannot be completed: Failure decoding Certificate Signing
I have no issues running 'openssl req -text -noout -verify -in <csrfile>’ on
the request file.
I did do a 'yum update’ on the system today (after experiencing the errors),
with openssl and mod_nss being upgraded on all servers. All systems were
rebooted after the upgrade and the problem still exists.
I did see an older thread with a similar issue, but that seemed to involve
updating expired certs and Rob did not seem to be able to reproduce the error.
Maybe I am experiencing the same problem?
Anyone have an idea where a good place to start looking is?
Freeipa-users mailing list