Bug 1127838

Summary: ipa-server-install crashes when installed with external certificate
Product: Red Hat Enterprise Linux 7 Reporter: Martin Kosek <mkosek>
Component: pki-coreAssignee: Endi Sukma Dewata <edewata>
Status: CLOSED DUPLICATE QA Contact: Asha Akkiangady <aakkiang>
Severity: low Docs Contact:
Priority: low    
Version: 7.0CC: alee, arubin, cfu, edewata, jcholast, ksiddiqu, nkinder
Target Milestone: rc   
Target Release: 7.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-21 22:11:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1224623    
Bug Blocks: 1111320    

Description Martin Kosek 2014-08-07 16:20:56 UTC 
Description of problem:

This Bug is a follow up for Bug id=1111320. IPA install with Dogtag 10 fails with IndexError even when PKCS#7 file is used.

For the record, the content of the PKCS#7 file is:

-----BEGIN PKCS7-----
MIIEjwYJKoZIhvcNAQcCoIIEgDCCBHwCAQExADALBgkqhkiG9w0BBwGgggRiMIIC
JzCCAZCgAwIBAgIBATANBgkqhkiG9w0BAQUFADAsMR0wGwYDVQQKExRFeGFtcGxl
IE9yZ2FuaXphdGlvbjELMAkGA1UEAxMCQ0EwHhcNMTQwNzE0MjE0MzExWhcNMjQw
NzE0MjE0MzExWjAsMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlvbjELMAkG
A1UEAxMCQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALxaSfkg9okpzCgl
S4+GvdkzXqgYpQm6J3ZrrIbG3Lm+Kikg4kpyzQONWkdo8INbAoV8JCOpP2US6Wr0
QVK02i4izquohE8F8SEJ6T/A5GB/onmDTP0tQbd+F7z9+C+2MPLKUiAMCh0I/8AH
6Cva923YU5XGdTDwKTriROM5zQABAgMBAAGjWTBXMA4GA1UdDwEB/wQEAwIBxjAP
BgNVHRMBAf8EBTADAQH/MDQGA1UdHwQtMCswKaAnoCWGI2ZpbGU6Ly8vaG9tZS9q
Y2hvbGFzdC9uc3NkYi9jYTEuY3JsMA0GCSqGSIb3DQEBBQUAA4GBAH4tGww6DQwC
3ZHbx6UBLR0aI2rwOjMz1KQzV0UOxH0cr+HVjGr6m9ROl19VdvHKHsMxXSka1qsO
Esy1dYLVZF4yH0t33I9P8XCf3G+GQAS9EQApgWvgfaMjHp2nWRWtlci5IJo8tA5G
jmCEi4Rri+MFYvaxnIk/D13alg9yu2HgMIICMzCCAZygAwIBAgICaokwDQYJKoZI
hvcNAQEFBQAwLDEdMBsGA1UEChMURXhhbXBsZSBPcmdhbml6YXRpb24xCzAJBgNV
BAMTAkNBMB4XDTE0MDcxNDIxNDMyMVoXDTI0MDcxNDIxNDMyMVowNzEoMCYGA1UE
ChMfU3Vic2lkaWFyeSBFeGFtcGxlIE9yZ2FuaXphdGlvbjELMAkGA1UEAxMCQ0Ew
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOkv1uOGG1Pj41RarZSIRl3MM212
MsiRP1vikF5ykfD3NuoRwJGQ6WJ3lt/fDHwjcRmTbx0aEypsnI8xCwMYW2jOEZnp
ybqNDuxPNCWFjNHI+WNlCH1nhSCtVEvorujm7H7pycVRLhuPl7VRxnUzsjz/qQu1
/VHzXl/D+KezAJG9AgMBAAGjWTBXMA4GA1UdDwEB/wQEAwIBxjAPBgNVHRMBAf8E
BTADAQH/MDQGA1UdHwQtMCswKaAnoCWGI2ZpbGU6Ly8vaG9tZS9qY2hvbGFzdC9u
c3NkYi9jYTEuY3JsMA0GCSqGSIb3DQEBBQUAA4GBAFNEil6AfYRLgZBzK2FzB400
ssz/myfnZdPDJ9QwW31hkcriVuDsfblrWDCGiKNv7GjsDmZGreWeqTQO62bg9nq0
AfLKvKIt8byjRAN4Rj36Ad8068YAhkQ5fbNC7aXs5LVIUnLUyYo4NPWVzqiahqvS
kAd2/yfY9UntQY+eDT1aoQAxAA==
-----END PKCS7-----


Version-Release number of selected component (if applicable):
pki-ca-10.0.5-3.el7.noarch
ipa-server-3.3.3-28.el7.x86_64

How reproducible:
Always

Steps to reproduce:
# ipa-server-install --external-ca
# ipa-server-install --external_cert_file=pkcs7.signed-file --external_ca_file=ca-cert.pem

Actual results:
  [16/22]: restarting certificate server
  [17/22]: requesting RA certificate from CA
Unexpected error - see /var/log/ipaserver-install.log for details:
IndexError: list index out of range
Comment 9 Matthew Harmsen 2014-08-18 22:25:37 UTC 
Upstream ticket:
https://fedorahosted.org/pki/ticket/1111
Comment 13 Matthew Harmsen 2015-07-10 15:52:00 UTC 
Moving to RHEL 7.3
Comment 15 Matthew Harmsen 2016-01-06 22:28:58 UTC 
Per discussions in the RHEL 7.3 Triage meeting of 01/06/2016: priority low
Comment 16 Endi Sukma Dewata 2016-04-21 22:11:12 UTC 
This is already fixed as part of bug #1289323.

*** This bug has been marked as a duplicate of bug 1289323 ***