Bug 1253009
Summary: | error message shown in /var/log/message even with successful request | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Kaleem <ksiddiqu> | |
Component: | certmonger | Assignee: | Rob Crittenden <rcritten> | |
Status: | CLOSED ERRATA | QA Contact: | Kaleem <ksiddiqu> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | medium | |||
Version: | --- | CC: | asakure, mkosek, myusuf, ndehadra, nsoman, pcech, pvoborni, rcritten, ssidhaye | |
Target Milestone: | rc | Keywords: | TestCaseNeeded, Triaged | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | certmonger-0.79.13-1.el8 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1969854 (view as bug list) | Environment: | ||
Last Closed: | 2021-05-18 15:49:54 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1969854 |
Description
Kaleem
2015-08-12 17:34:52 UTC
Thank you taking your time and submitting this request for Red Hat Enterprise Linux 7. Unfortunately, this bug cannot be kept even as a stretch goal and was postponed to RHEL8. Upstream PR https://pagure.io/certmonger/pull-request/170 Fixed in upstream master: 8a4778325f6c7ed030e203308a145c193c48c4b4 [root@ci-vm-10-0-138-33 ~]# cat /etc/redhat-release Red Hat Enterprise Linux release 8.4 Beta (Ootpa) [root@ci-vm-10-0-138-33 ~]# rpm -q certmonger ipa-server certmonger-0.79.13-2.el8.x86_64 ipa-server-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.x86_64 [root@ci-vm-10-0-138-33 ~]# /usr/libexec/certmonger/scep-submit -u http://interop.redwax.eu/test/simple/scep -C > /etc/pki/tls/certs/rw.crt [root@ci-vm-10-0-138-33 ~]# getcert add-scep-ca -c scep-ca -u http://interop.redwax.eu/test/simple/scep -I /etc/pki/tls/certs/rw.crt New CA "scep-ca" added. [root@ci-vm-10-0-138-33 ~]# getcert list-cas -c scep-ca CA 'scep-ca': is-default: no ca-type: EXTERNAL helper-location: /usr/libexec/certmonger/scep-submit -u http://interop.redwax.eu/test/simple/scep -I /etc/pki/tls/certs/rw.crt SCEP CA certificate thumbprint (MD5): 9B3BB9A9 0EFDCDB9 3434F633 54240F40 SCEP CA certificate thumbprint (SHA1): 14AC57D3 5562DA67 0490F9C1 A76696BE 1162B5AA [root@ci-vm-10-0-138-33 ~]# getcert request -f /etc/pki/tls/certs/test.example.com.cert -k /etc/pki/tls/private/test.example.com.key -c "scep-ca" -I test.example.com -D test.example.com -G rsa -g 2048 -u digitalSignature -u keyEncipherment -L challenge New signing request "test.example.com" added. [root@ci-vm-10-0-138-33 ~]# [root@ci-vm-10-0-138-33 ~]# getcert list -i test.example.com Number of certificates and requests being tracked: 10. Request ID 'test.example.com': status: MONITORING stuck: no key pair storage: type=FILE,location='/etc/pki/tls/private/test.example.com.key' certificate: type=FILE,location='/etc/pki/tls/certs/test.example.com.cert' signing request thumbprint (MD5): E4BFE917 ABF389F2 5D1BAC12 7262881C signing request thumbprint (SHA1): 2BA4C099 69ACCA09 46054399 8E8AE4E4 5C921A71 CA: scep-ca issuer: O=Redwax Project,CN=Redwax Interop Testing Root Certificate Authority 2040 subject: CN=ci-vm-10-0-138-33.hosted.upshift.rdu2.redhat.com expires: 2020-12-22 00:13:29 EST key usage: digitalSignature,nonRepudiation,keyEncipherment eku: id-kp-clientAuth pre-save command: post-save command: track: yes auto-renew: yes [root@ci-vm-10-0-138-33 ~]# tail -n 5 /var/log/messages Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: E4tbS+xSWHxfhjonLEk6H5sZwFu8hJeV Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: -----END PKCS7----- Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: " for child. Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: 2020-12-21 00:13:32 [12885] Redirecting stdin to /dev/null, leaving stdout and stderr open for child "/usr/libexec/certmonger/scep-submit". Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: 2020-12-21 00:13:32 [12885] Running enrollment helper "/usr/libexec/certmonger/scep-submit". [root@ci-vm-10-0-138-33 ~]# tail -n 15 /var/log/messages Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: DgQWBBThFnDZ68RThniyYwmDTEQzZEhSJDAOBgNVHQ8BAf8EBAMCBeAwEwYDVR0l Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: BAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAOGK0hL4+g3wYsvp6vvv Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: GonX6sw8OyJhlsDkmmfLV1ZOvTqVXiElxNTu6XNjsiwc/3AeG/Tq/2OPR7ozs5Ah Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: xSplD1RqaY9i8BLEbJIErhuYgF28Y9+1YxLehYRGnXnjv5J5ec52KK+k1Js5Uu4n Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: dPmWKH/GQINhXyN1ejLBjJrsCMAeNcliiCL6YEhZw3kJnt0JAtPo5OzWSSO/lIM6 Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: w3HquyAH6M/qRQTCJ2LpSpm8fHeS7IaLCqdVPuKPh/NCiv7DhwS4bV0EbCxXz5UQ Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: +JxU1GcMUpaGss7ctRD9bC7alwGNXtdvHhXdDzfEW1IS2lb3DZTSfrY6JC2i463h Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: Ieg= Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: -----END CERTIFICATE----- Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: ". Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: 2020-12-21 00:13:32 [10641] Certificate issued (0 chain certificates, 0 roots). Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: 2020-12-21 00:13:32 [10641] No hooks set for pre-save command. Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[12891]: usr/lib/api/apiutil.c Could not open /run/lock/opencryptoki/LCK..APIlock Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[10641]: 2020-12-21 00:13:32 [10641] No hooks set for post-save command. Dec 21 00:13:32 ci-vm-10-0-138-33 certmonger[12892]: Certificate in file "/etc/pki/tls/certs/test.example.com.cert" issued by CA and saved. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (certmonger bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:1851 |