When testing the new FreeIPA Sub-CA feature, I tried to add new sub-CA with subject "O=VPN,O=DEMO1.FREEIPA.ORG". I received a nasty internal error with no further clarification:
[Mon Jun 27 14:21:06.045992 2016] [wsgi:error] [pid 1400] ipa: INFO: [jsonserver_session] admin@DEMO1.FREEIPA.ORG: ca_add(u'VPN', ipacasubjectdn=u'O=VPN,O=DEMO1.FREEIPA.ORG', version=u'2.199'): RemoteRetrieveError
Using the command with proper subject worked:
[Mon Jun 27 14:22:58.060855 2016] [wsgi:error] [pid 1400] ipa: INFO: [jsonserver_session] admin@DEMO1.FREEIPA.ORG: ca_add(u'VPN', ipacasubjectdn=u'CN=Certificate Authority,O=VPN,O=DEMO1.FREEIPA.ORG', version=u'2.199'): SUCCESS
Thanks for reporting.
Needs a fix on the Dogtag side (patch imminent). Ticket: https://fedorahosted.org/pki/ticket/2388
4.4.0 was released, moving open tickets to 4.4.1
Dogtag patch was released in 10.3.4 (fedora package 10.3.3-3), which is now depended on.
Closing; please reopen if behaviour is not what's expected.
Metadata Update from @mkosek: - Issue assigned to ftweedal - Issue set to the milestone: FreeIPA 4.4.1
Login to comment on this ticket.