ipa-cacert-manage renew --self-signed fails when switching from an externally signed CA to a self-signed CA.
In order to reproduce 1. install ipa server with --external-ca option 2. renew the CA cert as self-signed with ipa-cacert-manage renew --self-signed
The command exits on error with:
$ sudo ipa-cacert-manage renew --self-signed Renewing CA certificate, please wait Error resubmitting certmonger request '20170929123437', please check the request manually The ipa-cacert-manage command failed. $ sudo getcert list -i 20170929123437 Number of certificates and requests being tracked: 9. Request ID '20170929123437': status: MONITORING ca-error: Updated certificate not available
Metadata Update from @frenaud: - Issue assigned to frenaud
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1119
Metadata Update from @tkrizek: - Issue priority set to: normal - Issue set to the milestone: FreeIPA 4.5.4
master:
ipa-4-5:
ipa-4-6:
Metadata Update from @tkrizek: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.