ca1's Certificate path length constraint must be at least 1 to allow issuing subCA (this needs to be fixed in ipatests/test_integration/scripts/caless-create-pki)
test_integration/test_caless.py::TestCertinstall::test_http_intermediate_ca FAILED
traceback >>>>>>>>>>>>>>>>>>>>>>>>>>
self = <ipatests.test_integration.test_caless.TestCertinstall object at 0x7f6330373290>
def test_http_intermediate_ca(self): "Install new HTTP certificate issued by intermediate CA" result = self.certinstall('w', 'ca1/subca/server')
assert result.returncode == 0, result.stderr_text E AssertionError: Peer's certificate issuer is not trusted ((SEC_ERROR_UNKNOWN_ISSUER) Peer's Certificate issuer is not recognized.). Please run ipa-cacert-manage install and ipa-certupdate to install the CA certificate. E The ipa-server-certinstall command failed. E E assert 1 == 0 E + where 1 = <pytest_multihost.transport.SSHCommand object at 0x7f6330351b10>.returncode
assert result.returncode == 0, result.stderr_text
E AssertionError: Peer's certificate issuer is not trusted ((SEC_ERROR_UNKNOWN_ISSUER) Peer's Certificate issuer is not recognized.). Please run ipa-cacert-manage install and ipa-certupdate to install the CA certificate. E The ipa-server-certinstall command failed. E E assert 1 == 0 E + where 1 = <pytest_multihost.transport.SSHCommand object at 0x7f6330351b10>.returncode
test_integration/test_caless.py:1371: AssertionError
traceback >>>>>>>>>>>>>>>>>>>>>>>>>> self = <ipatests.test_integration.test_caless.TestCertinstall object at 0x7f6330351c50>
def test_ds_intermediate_ca(self): "Install new DS certificate issued by intermediate CA" result = self.certinstall('d', 'ca1/subca/server')
assert result.returncode == 0, result.stderr_text E AssertionError: Peer's certificate issuer is not trusted ((SEC_ERROR_UNKNOWN_ISSUER) Peer's Certificate issuer is not recognized.). Please run ipa-cacert-manage install and ipa-certupdate to install the CA certificate. E The ipa-server-certinstall command failed. E E assert 1 == 0 E + where 1 = <pytest_multihost.transport.SSHCommand object at 0x7f6330351810>.returncode
E AssertionError: Peer's certificate issuer is not trusted ((SEC_ERROR_UNKNOWN_ISSUER) Peer's Certificate issuer is not recognized.). Please run ipa-cacert-manage install and ipa-certupdate to install the CA certificate. E The ipa-server-certinstall command failed. E E assert 1 == 0 E + where 1 = <pytest_multihost.transport.SSHCommand object at 0x7f6330351810>.returncode
test_integration/test_caless.py:1377: AssertionError
Manual install with properly generated certs works. Removing any trace about blaming FreeIPA server installer :)
It turns out to be a regression: in 4.3 the same test works
Metadata Update from @dkupka: - Issue assigned to dkupka - Issue set to the milestone: FreeIPA 4.4.4
Metadata Update from @mbasti: - Issue close_status updated to: None - Issue set to the milestone: FreeIPA 4.4.5 (was: FreeIPA 4.4.4)
Tests fixed as a part of https://pagure.io/freeipa/issue/6955
Metadata Update from @stlaz: - Issue close_status updated to: duplicate - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.