Hello, A few details to begin:
The IPA system consists of 3 servers running on fully patched CentOS 6.5 (updated Monday night). DNS is integrated with the IPA system. ipa-*-3.0.0-37. mod_nss-1.0.8-19 openssl-1.0.1e-16 The system was upgraded from 2.2 Yesterday, I revoked a certificate for an old system and signed a certificate for the replacement system (same hostname) with no apparent issues. Today, I am attempting to sign a certificate for a new system and I am seeing the following error from the command line (with debug=True in /etc/ipa/default.conf): ipa cert-request <csrfile> principal: <hostname> ipa: ERROR: Certificate operation cannot be completed: Failure decoding Certificate Signing Request The GUI responds with: IPA ERROR 4310 Certificate operation cannot be completed: Failure decoding Certificate Signing Request I have no issues running 'openssl req -text -noout -verify -in <csrfile>’ on the request file. I did do a 'yum update’ on the system today (after experiencing the errors), with openssl and mod_nss being upgraded on all servers. All systems were rebooted after the upgrade and the problem still exists. I did see an older thread with a similar issue, but that seemed to involve updating expired certs and Rob did not seem to be able to reproduce the error. Maybe I am experiencing the same problem? Anyone have an idea where a good place to start looking is? Thanks, Mike _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
