On 02/10/2015 12:35 PM, marcin kowalski wrote:
Hi all, i'm getting dogtag figured out slowly, and i noticed one odd
thing.
I've setup certmonger to request an arbitrary certificate through
dogtag, and while the request seems to go into the dogtag system,
certmonger acts as if communication with the CA failed. The
certificate is considered in need of user attention because the
process got stuck.
Request ID '20150210125814':
status: NEED_GUIDANCE
stuck: yes
key pair storage: type=FILE,location='/etc/pki/testkey'
certificate: type=FILE,location='/etc/pki/testcert'
CA: dogtag-ipa
issuer:
subject:
expires: unknown
pre-save command:
post-save command:
track: yes
auto-renew: yes
[root@fedora pki]# systemctl status -l certmonger
(....)
lut 10 13:57:04 fedora.box.net <http://fedora.box.net>
certmonger[7845]: Request for certificate to be stored in file
"/etc/pki/testcert" rejected by CA.
The request is present in dogtag and is valid, can be
accepted/rejected, etc. Even though certmonger never notices that. I
wonder if there is some obvious mistake in my setup, or perhaps there
is known bug in interaction of both components on F21 (i'm using only
standard repositories).
When i post the query from certmonger's agent defined in ca definition
through curl, i get no errors.
What would be the best way to debug this issue?
Can you post your certmonger get-cert command?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project