Issue #5522: IPA certificate auto renewal fail with SSL_ERROR_EXPIRED_CERT_ALERT - freeipa

freeipa

#5522 IPA certificate auto renewal fail with SSL_ERROR_EXPIRED_CERT_ALERT

Closed: insufficientinfo 4 years ago by rcritten. Opened 7 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1286651

Created attachment 1100493
getcert_console.log

Description of problem:
While verifying BZ1277696 encountered following error

[root@dhcp201-135 ~]# getcert list | egrep
"status|expires|Request|subject|ca-error"

<snip>
Request ID '20151130092850':
        status: CA_UNREACHABLE
        ca-error: Server at https://dhcp201-135.testrelm.test/ipa/xml failed
request, will retry: 907 (RPC failed at server.  cannot connect to
'https://dhcp201-135.testrelm.test:443/ca/eeca/ca/profileSubmitSSLClient':
(SSL_ERROR_EXPIRED_CERT_ALERT) SSL peer rejected your certificate as expired.).
        subject: CN=dhcp201-135.testrelm.test,O=TESTRELM.TEST
        expires: 2025-09-07 11:07:45 UTC

</snip>

Version-Release number of selected component (if applicable):
ipa-server-4.2.0-15.el7_2.3.x86_64


Steps to Reproduce:
1. Install IPA server
2. Change system date closer to expire date
3. check "getcert list" output

pvoborni commented 7 years ago

Assigning to Jan since he already did some investigation together with Abhijeet

Metadata Update from @pvoborni:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.5 backlog

6 years ago

pvoborni commented 6 years ago

Issues related to certificate renewal are the most common. Moving to 4.5.1 to focus on this sooner.

Metadata Update from @pvoborni:
- Assignee reset
- Issue close_status updated to: None
- Issue set to the milestone: FreeIPA 4.5.1 (was: FreeIPA 4.5 backlog)

6 years ago

Metadata Update from @mbasti:
- Issue set to the milestone: FreeIPA 4.5.2 (was: FreeIPA 4.5.1)

6 years ago

mbasti commented 6 years ago

FreeIPA 4.5.1 has been released, moving to FreeIPA 4.5.2 milestone

Metadata Update from @tkrizek:
- Issue set to the milestone: FreeIPA 4.5.3 (was: FreeIPA 4.5.2)

6 years ago

Metadata Update from @tkrizek:
- Issue set to the milestone: FreeIPA 4.5.4 (was: FreeIPA 4.5.3)

6 years ago

Metadata Update from @tkrizek:
- Issue set to the milestone: FreeIPA 4.5.5 (was: FreeIPA 4.5.4)

5 years ago

rcritten commented 4 years ago

Closing. The associated BZ was closed with insufficient info.

Metadata Update from @rcritten:
- Issue close_status updated to: insufficientinfo
- Issue status updated to: Closed (was: Open)

4 years ago

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.5.5

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

Certificate management

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1286651

tester

None

changelog

None

design

None

freeipa

Source Code

#5522 IPA certificate auto renewal fail with SSL_ERROR_EXPIRED_CERT_ALERT Closed: insufficientinfo 4 years ago by rcritten. Opened 7 years ago by pvoborni.

Metadata

#5522 IPA certificate auto renewal fail with SSL_ERROR_EXPIRED_CERT_ALERT

Closed: insufficientinfo 4 years ago by rcritten. Opened 7 years ago by pvoborni.