Thanks for the tip, I am using whatever is in current fedora, which is 0.76
or similar version. I'll give an updated version a shot.

I had similar results with ubuntu's 0.75.x

2015-05-19 16:30 GMT+02:00 Nalin Dahyabhai <>:

> On Tue, May 19, 2015 at 12:34:47PM +0200, marcin kowalski wrote:
> > Hi, all. I am trying to integrate certmonger with dogtag instance, and so
> > far i've stumbled on one odd problem. Hopefully this is the right list.
> >
> > I've generated some random cert with getcert request, it has communicated
> > with dogtag, and i approved it there.
> >
> > However, when certmonger retrieves it, it cannot save it to disk (
> >
> > Upon inspection of certmonger's request file (in
> > /var/lib/certmonger/requests ), it turns out that there is an extra empty
> > line before end certificate marker line.  There is no such line when
> > looking at the cert in dogtag web interface.
> >
> > Is there some method/hook i could use to post process such request files
> to
> > fix them up?
> There's no hook for doing that with the data files themselves, because
> they're meant to be internal details of the implementation, but the data
> coming back from the enrollment helper, which is what's malformed to
> begin with, can be corrected at the point when the helper is run.
> Essentially, you'd replace the configured call to dogtag-submit with a
> script or other program that checked $CERTMONGER_OPERATION for the
> values "SUBMIT" and "POLL", ran the dogtag-submit helper, filtered its
> output to fix this mistake, and returned the helper's exit status to
> keep things in line with the daemon's expectations.
> Though, if you're running something older than 0.77, please give 0.77.4
> (currently in testing for Fedora 20 and 21) or a development snapshot
> (from the ipa-devel repo) a try.  The 0.77 release had a lot of its
> parsing reworked as part of adding support for SCEP reply formats, which
> I think fixed this.  The development snapshots add more authentication
> options to the generic Dogtag helper which you may also want, depending
> on the enrollment profile you're using.
> HTH,
> Nalin
Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to