On 12/05/2013 03:20 PM, Rob Crittenden wrote:
> Michael Mercier wrote:
>> A few details to begin:
>> The IPA system consists of 3 servers running on fully patched CentOS
>> 6.5 (updated Monday night). DNS is integrated with the IPA system.
>> The system was upgraded from 2.2
>> Yesterday, I revoked a certificate for an old system and signed a
>> certificate for the replacement system (same hostname) with no
>> apparent issues.
>> Today, I am attempting to sign a certificate for a new system and I
>> am seeing the following error from the command line (with debug=True
>> in /etc/ipa/default.conf):
>> ipa cert-request <csrfile>
>> principal: <hostname>
>> ipa: ERROR: Certificate operation cannot be completed: Failure
>> decoding Certificate Signing Request
>> The GUI responds with:
>> IPA ERROR 4310
>> Certificate operation cannot be completed: Failure decoding
>> Certificate Signing Request
>> I have no issues running 'openssl req -text -noout -verify -in
>> <csrfile>’ on the request file.
>> I did do a 'yum update’ on the system today (after experiencing the
>> errors), with openssl and mod_nss being upgraded on all servers. All
>> systems were rebooted after the upgrade and the problem still exists.
>> I did see an older thread with a similar issue, but that seemed to
>> involve updating expired certs and Rob did not seem to be able to
>> reproduce the error. Maybe I am experiencing the same problem?
>> Anyone have an idea where a good place to start looking is?
> The Failure decoding is a duplicate error message in a couple of
> different places. I'd recommend modifying it per the other thread so
> we can know exactly where it failed and why.
> Freeipa-users mailing list
Rob do we need a ticket for that?
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-users mailing list