#7106 TypeError in renew_ca_cert prevents from swiching back to self-signed CA
Closed: fixed 4 years ago Opened 5 years ago by dkupka.

Steps to reproduce:
1. install FreeIPA server with self-signed CA certificate (default)
2. use ipa-cacert-manage to switch to CA certificate signed by external CA
3. use ipa-cacert-manage to to self-signed CA certificate

Expected:
Importing the renewed CA certificate, please wait
CA certificate successfully renewed
The ipa-cacert-manage command was successful

Got:
Renewing CA certificate, please wait
Error resubmitting certmonger request '20170816133559', please check the request manually
The ipa-cacert-manage command failed.

From journalctl -u certmonger:

Traceback (most recent call last): 
File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 218, in <module>
  main()
File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 212, in main
  _main()
File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 183, in _main
  db.trust_root_cert(ca_nick, 'C' + ca_flags)                                                                                                       
TypeError: cannot concatenate 'str' and 'TrustFlags' objects

Metadata Update from @stlaz:
- Issue assigned to stlaz

5 years ago

Metadata Update from @stlaz:
- Issue tagged with: regression

5 years ago

Metadata Update from @frenaud:
- Issue assigned to frenaud (was: stlaz)

4 years ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/988

4 years ago

Metadata Update from @pvoborni:
- Issue priority set to: critical
- Issue set to the milestone: FreeIPA 4.5.4

4 years ago

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1486283

4 years ago

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1486283

4 years ago

master:

  • ee5345a Fix Certificate renewal (with ext ca)

ipa-4-5:

  • 85d5611 Backport PR 988 to ipa-4-5 Fix Certificate renewal (with ext ca)

Metadata Update from @stlaz:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

4 years ago

Login to comment on this ticket.

Metadata