[Pki-users] getting NEED_TO_NOTIFY_ISSUED_SAVE_FAILED with dogtag-submit
Steve Neuharth
steve at sylvation.com
Sat Apr 4 20:35:08 UTC 2015
hmmm. strange. I see that the cert is indeed being fetched and put into the
request file in /var/lib/certmonger/requests. Why isn't it making it to the
final destination in /tmp/getcert.crt?
Verbose logging also tells me nothing about why it's not working but I do
see this in /var/log/messages:
*Apr 3 06:14:36 dogtag certmonger: Certificate in file "/tmp/getcert.crt"
issued by CA but not saved.*
ideas?
On Sat, Apr 4, 2015 at 1:53 PM, Steve Neuharth <steve at sylvation.com> wrote:
> Hello,
>
> I'm using the following configuration with certmonger:
>
>
>
>
>
>
>
> *id=Dogtagca_aka=Dogtag (certmonger
> 0.76.8)ca_is_default=0ca_type=EXTERNALca_external_helper=/usr/libexec/certmonger/dogtag-submit
> -E https://dogtag.test.org:8443/ca/ee/ca
> <https://dogtag.test.org:8443/ca/ee/ca> -A
> https://dogtag.test.org:8443/ca/agent/ca
> <https://dogtag.test.org:8443/ca/agent/ca> -i /root/ca.crt*
> I'm able to submit a request like this:
>
>
> *getcert request -k /tmp/getcert.key -f /tmp/getcert.crt -c Dogtag -D
> foo.bar.org <http://foo.bar.org>*
> but after I refresh the cert requests, it's in
> NEED_TO_NOTIFY_ISSUED_SAVE_FAILED status and occasionally shows
> START_SAVING_CERT status.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *Request ID '20150403093236': status:
> NEED_TO_NOTIFY_ISSUED_SAVE_FAILED stuck: no key pair storage:
> type=FILE,location='/tmp/getcert.key' certificate:
> type=FILE,location='/tmp/getcert.crt' CA: Dogtag
> issuer: subject: expires: unknown pre-save
> command: post-save command: track: yes auto-renew: yes*
> selinux is set to 'permissive' and the perms on /tmp are 777. I cant thonk
> of any other reason it would fail to save the cert.
>
> --steve
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20150404/1f541351/attachment.htm>
More information about the Pki-users
mailing list