Steps to reproduce: 1. install FreeIPA server with self-signed CA certificate (default) 2. use ipa-cacert-manage to switch to CA certificate signed by external CA 3. use ipa-cacert-manage to to self-signed CA certificate
Expected: Importing the renewed CA certificate, please wait CA certificate successfully renewed The ipa-cacert-manage command was successful
Got: Renewing CA certificate, please wait Error resubmitting certmonger request '20170816133559', please check the request manually The ipa-cacert-manage command failed.
From journalctl -u certmonger:
Traceback (most recent call last): File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 218, in <module> main() File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 212, in main _main() File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 183, in _main db.trust_root_cert(ca_nick, 'C' + ca_flags) TypeError: cannot concatenate 'str' and 'TrustFlags' objects
Metadata Update from @stlaz: - Issue assigned to stlaz
Metadata Update from @stlaz: - Issue tagged with: regression
Metadata Update from @frenaud: - Issue assigned to frenaud (was: stlaz)
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/988
Metadata Update from @pvoborni: - Issue priority set to: critical - Issue set to the milestone: FreeIPA 4.5.4
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1486283
Issue linked to bug 1486283
master:
ipa-4-5:
Metadata Update from @stlaz: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.