On 12/05/2013 03:20 PM, Rob Crittenden wrote: > Michael Mercier wrote: >> Hello, >> >> A few details to begin: >> >> The IPA system consists of 3 servers running on fully patched CentOS >> 6.5 (updated Monday night). DNS is integrated with the IPA system. >> >> ipa-*-3.0.0-37. >> mod_nss-1.0.8-19 >> openssl-1.0.1e-16 >> >> >> The system was upgraded from 2.2 >> >> >> >> Yesterday, I revoked a certificate for an old system and signed a >> certificate for the replacement system (same hostname) with no >> apparent issues. >> >> Today, I am attempting to sign a certificate for a new system and I >> am seeing the following error from the command line (with debug=True >> in /etc/ipa/default.conf): >> >> ipa cert-request <csrfile> >> principal: <hostname> >> >> ipa: ERROR: Certificate operation cannot be completed: Failure >> decoding Certificate Signing Request >> >> The GUI responds with: >> IPA ERROR 4310 >> Certificate operation cannot be completed: Failure decoding >> Certificate Signing Request >> >> I have no issues running 'openssl req -text -noout -verify -in >> <csrfile>’ on the request file. >> >> I did do a 'yum update’ on the system today (after experiencing the >> errors), with openssl and mod_nss being upgraded on all servers. All >> systems were rebooted after the upgrade and the problem still exists. >> >> I did see an older thread with a similar issue, but that seemed to >> involve updating expired certs and Rob did not seem to be able to >> reproduce the error. Maybe I am experiencing the same problem? >> >> Anyone have an idea where a good place to start looking is? > > The Failure decoding is a duplicate error message in a couple of > different places. I'd recommend modifying it per the other thread so > we can know exactly where it failed and why. > > rob > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users
Rob do we need a ticket for that? -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users