Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1385816
Description of problem: ipa-cacert-manage renew on replica fails Version-Release number of selected component (if applicable): ipa-server-4.4.0-12.el7 How reproducible: Always Steps to Reproduce: 1.Install IPA Master/Replica 2.ipa-cacert-manage renew on Replica Actual results: Renew CA Cert on Replica fails Expected results: Renew CA Cert on Replica succeeds Additional info: On replica: [root@bkr-hv03-guest43 ~]# ipa-cacert-manage renew Renewing CA certificate, please wait Error resubmitting certmonger request '20161017145558', please check the request manually After manually resubmitting the request , it works: [root@bkr-hv03-guest43 ~]# ipa-getcert resubmit -i 20161017145558 Resubmitting "20161017145558" to "dogtag-ipa-ca-renew-agent". [root@bkr-hv03-guest43 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -w $ROOTDNPWD -b cn=CA,cn=$REPLICA,cn=masters,cn=ipa,cn=etc,$BASEDN | grep caRenewalMaster ipaConfigString: caRenewalMaster
Metadata Update from @pvoborni: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.5
Metadata Update from @mbasti: - Issue close_status updated to: None - Issue set to the milestone: FreeIPA 4.5.1 (was: FreeIPA 4.5)
Issue not reproducible after commit 052de43. Probably fixed when the IPA RA certificate was moved from the NSS database /etc/httpd/alias to paths.RA_AGENT_PEM
Metadata Update from @frenaud: - Issue close_status updated to: worksforme - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.