#6459 ipa-cacert-manage renew on replica fails
Closed: worksforme 7 years ago Opened 7 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1385816

Description of problem:
ipa-cacert-manage renew on replica fails

Version-Release number of selected component (if applicable):
ipa-server-4.4.0-12.el7

How reproducible:
Always

Steps to Reproduce:
1.Install IPA Master/Replica
2.ipa-cacert-manage renew on Replica

Actual results:
Renew CA Cert on Replica fails

Expected results:
Renew CA Cert on Replica succeeds

Additional info:
On replica:
[root@bkr-hv03-guest43 ~]# ipa-cacert-manage renew
Renewing CA certificate, please wait
Error resubmitting certmonger request '20161017145558', please check the
request manually

After manually resubmitting the request , it works:
[root@bkr-hv03-guest43 ~]# ipa-getcert resubmit -i 20161017145558
Resubmitting "20161017145558" to "dogtag-ipa-ca-renew-agent".
[root@bkr-hv03-guest43 ~]# ldapsearch -xLLL -D "cn=Directory Manager" -w
$ROOTDNPWD -b cn=CA,cn=$REPLICA,cn=masters,cn=ipa,cn=etc,$BASEDN | grep
caRenewalMaster
ipaConfigString: caRenewalMaster

Metadata Update from @pvoborni:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5

7 years ago

Metadata Update from @mbasti:
- Issue close_status updated to: None
- Issue set to the milestone: FreeIPA 4.5.1 (was: FreeIPA 4.5)

7 years ago

Issue not reproducible after commit 052de43. Probably fixed when the IPA RA certificate was moved from the NSS database /etc/httpd/alias to paths.RA_AGENT_PEM

Metadata Update from @frenaud:
- Issue close_status updated to: worksforme
- Issue status updated to: Closed (was: Open)

7 years ago

Login to comment on this ticket.

Metadata