Thanks for the tip, I am using whatever is in current Fedora, which is 0.76 or similar version. I'll give an updated version a shot.
I had similar results with Ubuntu's 0.75.x

2015-05-19 16:30 GMT+02:00 Nalin Dahyabhai <[email protected]>:

> On Tue, May 19, 2015 at 12:34:47PM +0200, marcin kowalski wrote:
> > Hi, all. I am trying to integrate certmonger with dogtag instance, and so
> > far I've stumbled on one odd problem. Hopefully this is the right list.
> >
> > I've generated some random cert with getcert request, it has communicated
> > with dogtag, and I approved it there.
> >
> > However, when certmonger retrieves it, it cannot save it to disk (
> > NEED_TO_NOTIFY_ISSUED_SAVE_FAILED )
> >
> > Upon inspection of certmonger's request file (in
> > /var/lib/certmonger/requests ), it turns out that there is an extra empty
> > line before end certificate marker line. There is no such line when
> > looking at the cert in dogtag web interface.
> >
> > Is there some method/hook I could use to post process such request files to
> > fix them up?
>
> There's no hook for doing that with the data files themselves, because
> they're meant to be internal details of the implementation, but the data
> coming back from the enrollment helper, which is what's malformed to
> begin with, can be corrected at the point when the helper is run.
>
> Essentially, you'd replace the configured call to dogtag-submit with a
> script or other program that checked $CERTMONGER_OPERATION for the
> values "SUBMIT" and "POLL", ran the dogtag-submit helper, filtered its
> output to fix this mistake, and returned the helper's exit status to
> keep things in line with the daemon's expectations.
>
> Though, if you're running something older than 0.77, please give 0.77.4
> (currently in testing for Fedora 20 and 21) or a development snapshot
> (from the ipa-devel repo) a try. The 0.77 release had a lot of its
> parsing reworked as part of adding support for SCEP reply formats, which
> I think fixed this. The development snapshots add more authentication
> options to the generic Dogtag helper which you may also want, depending
> on the enrollment profile you're using.
>
> HTH,
>
> Nalin
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
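
The wrapper approach described in the quoted reply, sketched as an added example (not code from the thread or from the certmonger project): it checks `$CERTMONGER_OPERATION` for `SUBMIT` and `POLL`, runs the real helper, strips empty lines inside the PEM block, and returns the helper's exit status. The helper path in `HELPER` and the function names `fix_pem` and `wrap_helper` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: wrapper around certmonger's dogtag-submit enrollment helper.
# Assumption: the real helper lives at the path below; adjust for your distro.
HELPER="${HELPER:-/usr/libexec/certmonger/dogtag-submit}"

# Drop empty or whitespace-only lines (including a stray CR) that fall
# inside a PEM block. Text outside the BEGIN/END markers is left untouched.
fix_pem() {
    awk '
        /^-----BEGIN /             { in_pem = 1 }
        in_pem && /^[[:space:]]*$/ { next }
                                   { print }
        /^-----END /               { in_pem = 0 }
    '
}

# Run the real helper with the original arguments and environment, filter
# its output only for SUBMIT and POLL, and hand back its exit status
# unchanged so the daemon sees exactly what the helper reported.
wrap_helper() {
    tmp=$(mktemp) || return 1
    status=0
    "$HELPER" "$@" >"$tmp" || status=$?
    case "${CERTMONGER_OPERATION:-}" in
        SUBMIT|POLL) fix_pem <"$tmp" ;;
        *)           cat "$tmp" ;;
    esac
    rm -f "$tmp"
    return "$status"
}

# Only act when the operation variable is present, i.e. when the script
# is being run as the configured helper rather than sourced for testing.
if [ -n "${CERTMONGER_OPERATION:-}" ]; then
    wrap_helper "$@"
    exit $?
fi
```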
