Hello,

A few details to begin:

The IPA system consists of 3 servers running on fully patched CentOS 6.5 
(updated Monday night).  DNS is integrated with the IPA system.

ipa-*-3.0.0-37.
mod_nss-1.0.8-19
openssl-1.0.1e-16


The system was upgraded from 2.2



Yesterday, I revoked a certificate for an old system and signed a certificate 
for the replacement system (same hostname) with no apparent issues.  

Today, I am attempting to sign a certificate for a new system and I am seeing 
the following error from the command line (with debug=True in 
/etc/ipa/default.conf):

ipa cert-request <csrfile>
principal: <hostname>

ipa: ERROR: Certificate operation cannot be completed: Failure decoding 
Certificate Signing Request

The GUI responds with:
IPA ERROR 4310
Certificate operation cannot be completed: Failure decoding Certificate Signing 
Request

I have no issues running 'openssl req -text -noout -verify -in <csrfile>’ on 
the request file.

I did do a 'yum update’ on the system today (after experiencing the errors), 
with openssl and mod_nss being upgraded on all servers.  All systems were 
rebooted after the upgrade and the problem still exists.

I did see an older thread with a similar issue, but that seemed to involve 
updating expired certs and Rob did not seem to be able to reproduce the error.  
Maybe I am experiencing the same problem?

Anyone have an idea where a good place to start looking is?

Thanks,
Mike

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to