Red Hat Bugzilla – Bug 1166931
RHEL7.1 ipa automatic CA cert renewal stuck in submitting state
Last modified: 2015-03-05 05:15:42 EST
Description of problem: Automatic CA Cert renewal for self signed IPA is hanging in a submitting state. [root@vm4 ~]# getcert list -d /etc/pki/pki-tomcat/alias -n 'caSigningCert cert-pki-ca' Number of certificates and requests being tracked: 8. Request ID '20141122001822': status: SUBMITTING stuck: no key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB',pin='358974620032' certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-ca-renew-agent issuer: CN=Certificate Authority,O=EXAMPLE.TEST subject: CN=Certificate Authority,O=EXAMPLE.TEST expires: 2034-11-22 00:17:49 UTC key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign pre-save command: post-save command: track: yes auto-renew: yes I walked the time forward to within 6 days of CA expiration and it goes through to this point. But, certmonger is trying repeatedly to submit and is never getting passed this state. Version-Release number of selected component (if applicable): ipa-server-4.1.0-7.el7.x86_64 certmonger-0.75.14-2.el7.x86_64 How reproducible: Steps to Reproduce: 1. Install IPA Master 2. getcert list | grep expires 3. Change date to closest to let certs expire as expected 4. getcert list 5. Check that certs submit and renew 6. getcert resubmit -i <id> for any certs that don't submit 7. repeat until all certs in MONITORING state 8. change date forward again and repeat until you reach CA cert expiration Actual results: stuck in submitting state shown above. I don't see it go to monitoring state. Expected results: cert should change from submitting to monitoring. Additional info: [root@vm4 ~]# tail -10 /var/log/messages Nov 16 01:42:09 vm4 dogtag-ipa-ca-renew-agent-submit: Forwarding request to dogtag-ipa-renew-agent Nov 16 01:42:09 vm4 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent returned 5 Nov 16 01:42:10 vm4 dogtag-ipa-ca-renew-agent-submit: Forwarding request to dogtag-ipa-renew-agent Nov 16 01:42:10 vm4 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent returned 5 Nov 16 01:42:12 vm4 dogtag-ipa-ca-renew-agent-submit: Forwarding request to dogtag-ipa-renew-agent Nov 16 01:42:13 vm4 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent returned 5 Nov 16 01:42:14 vm4 dogtag-ipa-ca-renew-agent-submit: Forwarding request to dogtag-ipa-renew-agent Nov 16 01:42:14 vm4 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent returned 5 Nov 16 01:42:15 vm4 dogtag-ipa-ca-renew-agent-submit: Forwarding request to dogtag-ipa-renew-agent Nov 16 01:42:15 vm4 dogtag-ipa-ca-renew-agent-submit: dogtag-ipa-renew-agent returned 5
Created attachment 960031 [details] all of /var/log from vm with issue
Here's the request info: [root@vm4 ~]# cat /var/lib/certmonger/requests/20141122001822 id=20141122001822 key_type=RSA key_gen_type=RSA key_size=2048 key_gen_size=2048 key_storage_type=NSSDB key_storage_location=/etc/pki/pki-tomcat/alias key_token=NSS Certificate DB key_nickname=caSigningCert cert-pki-ca key_pin=358974620032 key_pubkey=3082010A0282010100E2B268DDBBB3CBC28A6EED45C317144B3356355EE6E77F4311758DC438BFAB4DBCC78D3B2292D1B8F26A935EB34A638927D01AFF54583431683CD9D8CE9AC79486A49CD4FD4869561ED422080BDEBC2C5A7FDF5AF76B6E4FF4CB881B52DDB482F61BD09E9F155BA24AB23E2CDBB51387E11758358EF41A61737D1AF2E785CAF70109FD89A147DC0CE2CEC13F18E2345930D5B15C78924621749AD9F2C8D38393A325FA4A9C61FE5DCAE1AEFF7F282ADBD4017FE3329FE4A71B4EA7D01F92FA91AB21ECA56B73A5DA400F578B49E4AC4369D6998F762058B926B2D8C5E42F9C5CE1AAD021E25E76C62864F8D2FF5EC130CA65ECC931D923DD1A953F8B5B13516F0203010001 key_pubkey_info=30820122300D06092A864886F70D01010105000382010F003082010A0282010100E2B268DDBBB3CBC28A6EED45C317144B3356355EE6E77F4311758DC438BFAB4DBCC78D3B2292D1B8F26A935EB34A638927D01AFF54583431683CD9D8CE9AC79486A49CD4FD4869561ED422080BDEBC2C5A7FDF5AF76B6E4FF4CB881B52DDB482F61BD09E9F155BA24AB23E2CDBB51387E11758358EF41A61737D1AF2E785CAF70109FD89A147DC0CE2CEC13F18E2345930D5B15C78924621749AD9F2C8D38393A325FA4A9C61FE5DCAE1AEFF7F282ADBD4017FE3329FE4A71B4EA7D01F92FA91AB21ECA56B73A5DA400F578B49E4AC4369D6998F762058B926B2D8C5E42F9C5CE1AAD021E25E76C62864F8D2FF5EC130CA65ECC931D923DD1A953F8B5B13516F0203010001 cert_storage_type=NSSDB cert_storage_location=/etc/pki/pki-tomcat/alias cert_token=NSS Certificate DB cert_nickname=caSigningCert cert-pki-ca cert_issuer_der=303731153013060355040A0C0C4558414D504C452E54455354311E301C06035504030C15436572746966696361746520417574686F72697479 cert_issuer=CN=Certificate Authority,O=EXAMPLE.TEST cert_serial=01 cert_subject_der=303731153013060355040A0C0C4558414D504C452E54455354311E301C06035504030C15436572746966696361746520417574686F72697479 cert_subject=CN=Certificate Authority,O=EXAMPLE.TEST cert_spki=30820122300D06092A864886F70D01010105000382010F003082010A0282010100E2B268DDBBB3CBC28A6EED45C317144B3356355EE6E77F4311758DC438BFAB4DBCC78D3B2292D1B8F26A935EB34A638927D01AFF54583431683CD9D8CE9AC79486A49CD4FD4869561ED422080BDEBC2C5A7FDF5AF76B6E4FF4CB881B52DDB482F61BD09E9F155BA24AB23E2CDBB51387E11758358EF41A61737D1AF2E785CAF70109FD89A147DC0CE2CEC13F18E2345930D5B15C78924621749AD9F2C8D38393A325FA4A9C61FE5DCAE1AEFF7F282ADBD4017FE3329FE4A71B4EA7D01F92FA91AB21ECA56B73A5DA400F578B49E4AC4369D6998F762058B926B2D8C5E42F9C5CE1AAD021E25E76C62864F8D2FF5EC130CA65ECC931D923DD1A953F8B5B13516F0203010001 cert_not_before=20141122001749 cert_not_after=20341122001749 cert_ku=1100011 cert_is_ca=1 cert_ca_path_length=-2 cert_ocsp=http://vm4.example.test:80/ca/ocsp cert_no_ocsp_check=0 last_need_notify_check=20341116061856 last_need_enroll_check=20341116061856 template_subject_der=303731153013060355040A0C0C4558414D504C452E54455354311E301C06035504030C15436572746966696361746520417574686F72697479 template_subject=CN=Certificate Authority,O=EXAMPLE.TEST template_ku=1100011 template_is_ca=0 template_ca_path_length=0 template_profile=ipaCACertRenewal template_no_ocsp_check=0 csr=-----BEGIN NEW CERTIFICATE REQUEST----- MIIDETCCAfkCAQAwNzEVMBMGA1UECgwMRVhBTVBMRS5URVNUMR4wHAYDVQQDDBVD ZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDismjdu7PLwopu7UXDFxRLM1Y1Xubnf0MRdY3EOL+rTbzHjTsiktG48mqT XrNKY4kn0Br/VFg0MWg82djOmseUhqSc1P1IaVYe1CIIC968LFp/31r3a25P9MuI G1LdtIL2G9CenxVbokqyPizbtROH4RdYNY70GmFzfRry54XK9wEJ/YmhR9wM4s7B PxjiNFkw1bFceJJGIXSa2fLI04OToyX6Spxh/l3K4a7/fygq29QBf+Myn+SnG06n 0B+S+pGrIeyla3Ol2kAPV4tJ5KxDadaZj3YgWLkmstjF5C+cXOGq0CHiXnbGKGT4 0v9ewTDKZezJMdkj3RqVP4tbE1FvAgMBAAGggZQwQQYJKoZIhvcNAQkUMTQeMgBj AGEAUwBpAGcAbgBpAG4AZwBDAGUAcgB0ACAAYwBlAHIAdAAtAHAAawBpAC0AYwBh ME8GCSqGSIb3DQEJDjFCMEAwDgYDVR0PAQEABAQDAgHGMAwGA1UdEwEB/wQCMAAw IAYDVR0OAQEABBYEFCXR+icIicOKX3IIwEON7uRPILrFMA0GCSqGSIb3DQEBCwUA A4IBAQA0m9iTmk8XfT9Z1uwR+o2diDZugJd/vRL2GujedVfBb7GV6cbfSpnwFGbi KGdNsdtHuKm7447ye2QFcQZ8nw0PBBsAICEfdXERfCFen9LrQukx7c1f4WMUs3Gr m6QDWrQqbvHmFxefBcPu4A6Yt1e/2VpKfXtgcGfLEdLrJU/rJIrJx+0+H5sYTC+e 0sOfqCr53ioxNw49jaxvkg5Q80IppH72K+qAdfBZrsX+XdkU0AxuGa5A0ngmwwK4 38py9vjdOI1w8aBvuE/2Z5W35yu4AoQ3k6AkVUv2cmNlzyZUoz4fL5aI4LQ79yov 11xoxpHkL7Ufwm08pD9vJhUZpeng -----END NEW CERTIFICATE REQUEST----- spkac=MIICQDCCASgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDismjdu7PLwopu7UXDFxRLM1Y1Xubnf0MRdY3EOL+rTbzHjTsiktG48mqTXrNKY4kn0Br/VFg0MWg82djOmseUhqSc1P1IaVYe1CIIC968LFp/31r3a25P9MuIG1LdtIL2G9CenxVbokqyPizbtROH4RdYNY70GmFzfRry54XK9wEJ/YmhR9wM4s7BPxjiNFkw1bFceJJGIXSa2fLI04OToyX6Spxh/l3K4a7/fygq29QBf+Myn+SnG06n0B+S+pGrIeyla3Ol2kAPV4tJ5KxDadaZj3YgWLkmstjF5C+cXOGq0CHiXnbGKGT40v9ewTDKZezJMdkj3RqVP4tbE1FvAgMBAAEWADANBgkqhkiG9w0BAQsFAAOCAQEA1X0Pyj+C598GbOhf8+nOx4NNkmYz+IQ35fOV+17BK9yyQYWnErv1DkkaNIOq9hNcxTZaZw4usrBrZcNac537YiSj7MqD6Q5oFxBTSSRb9GM6vCwtR58+s32JT3PhxqQuSmi7mAC2qt7eHAeg+521/+aDdXBy/wDExVfTV26Txrfrzx5UkgNWrA0ECWyaX8Hr8rc7+ZfMpUUJIRFN+BRGIWE9JEEarYNfxFrWUsc6Y+i7iH3NMQ+a5pcSnywdgWFdXycoqhY7hlmmhKXtFWrPEGXVhpXa+efnT9pXldLG9nVatRbuUATCmMlcqIBYgfdx1dTRVO/Kr5vWg9VOsHfXSQ== state=SUBMITTING autorenew=1 monitor=1 ca_name=dogtag-ipa-ca-renew-agent submitted=20341116081303 ca_cookie={"profile": "caCACert", "cookie": "request:{\"profile\": \"caCACert\", \"cookie\": \"request:{\\\"profile\\\": \\\"caCACert\\\", \\\"cookie\\\": \\\"state=approve&requestId=4268\\\"}\"}"} cert=-----BEGIN CERTIFICATE----- MIIDjjCCAnagAwIBAgIBATANBgkqhkiG9w0BAQsFADA3MRUwEwYDVQQKDAxFWEFN UExFLlRFU1QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNDEx MjIwMDE3NDlaFw0zNDExMjIwMDE3NDlaMDcxFTATBgNVBAoMDEVYQU1QTEUuVEVT VDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEA4rJo3buzy8KKbu1FwxcUSzNWNV7m539DEXWNxDi/ q028x407IpLRuPJqk16zSmOJJ9Aa/1RYNDFoPNnYzprHlIaknNT9SGlWHtQiCAve vCxaf99a92tuT/TLiBtS3bSC9hvQnp8VW6JKsj4s27UTh+EXWDWO9Bphc30a8ueF yvcBCf2JoUfcDOLOwT8Y4jRZMNWxXHiSRiF0mtnyyNODk6Ml+kqcYf5dyuGu/38o KtvUAX/jMp/kpxtOp9AfkvqRqyHspWtzpdpAD1eLSeSsQ2nWmY92IFi5JrLYxeQv nFzhqtAh4l52xihk+NL/XsEwymXsyTHZI90alT+LWxNRbwIDAQABo4GkMIGhMB8G A1UdIwQYMBaAFCXR+icIicOKX3IIwEON7uRPILrFMA8GA1UdEwEB/wQFMAMBAf8w DgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBQl0fonCInDil9yCMBDje7kTyC6xTA+ BggrBgEFBQcBAQQyMDAwLgYIKwYBBQUHMAGGImh0dHA6Ly92bTQuZXhhbXBsZS50 ZXN0OjgwL2NhL29jc3AwDQYJKoZIhvcNAQELBQADggEBAKTuz4N3D9eeQETNryQ2 CyP/WcxZqFfFe1nLLGmLdl+aGph6b0VYy7c7QT8NqdIi163iaodx4ayF14EKGun7 X4S76bIXKlp3qLEGJr0rduuohF/sOIdBFgvMkmolieyofLsIREabEZxXQGgNIHWv WwUZ+V+C1MFfDl3gc6jogy5mpUNbjg3ro8uOgwB2gYmojHuKAnsovZu64F5YlKsi MGYldwfMe7k/tE4SfZgLv98m4ogdT9ykm4MBzcfo4wmOQFrnInmquqJ6pyZ0+rzU oSGsasYJHza31GUv73a6MRJIRhJg4IHEFlGw1rUwKJ731xAoTTH82rRZK79bUdNr hOk= -----END CERTIFICATE----- pre_certsave_command=/usr/lib64/ipa/certmonger/stop_pkicad pre_certsave_uid=0 post_certsave_command=/usr/lib64/ipa/certmonger/renew_ca_cert "caSigningCert cert-pki-ca" post_certsave_uid=0
FYI, if I run ipa-cacert-manage renew, it does renew and set expiration on new cert as expected.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/4765
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/423c3e8f34d6ae6655c3b82c4e5a18caf1e63a49 ipa-4-1: https://fedorahosted.org/freeipa/changeset/9bfb16c22043d714b8227567600f94345c40cad6
Verified. Version :: ipa-server-4.1.0-12.el7.x86_64 Results :: This one took some work to walk the time in to almost the point where the CA was fully expired. I had difficulty verifying this one because of bug #1173207 where certs wouldn't properly autorenew simultaneously. I was able to get this though. During renewal cycle: [root@vm2 ca]# getcert list -i 20141211192147 Number of certificates and requests being tracked: 8. Request ID '20141211192147': status: SUBMITTING stuck: no key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB',pin='563139244575' certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-ca-renew-agent issuer: CN=Certificate Authority,O=EXAMPLE.TEST subject: CN=Certificate Authority,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign pre-save command: post-save command: track: yes auto-renew: yes And it renewed without forcing with resubmit. [root@vm2 ca]# getcert list -i 20141211192147 Number of certificates and requests being tracked: 8. Request ID '20141211192147': status: MONITORING stuck: no key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB',pin='563139244575' certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB' CA: dogtag-ipa-ca-renew-agent issuer: CN=Certificate Authority,O=EXAMPLE.TEST subject: CN=Certificate Authority,O=EXAMPLE.TEST expires: 2054-12-09 22:30:05 UTC key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign pre-save command: post-save command: track: yes auto-renew: yes .... and the results to get there: [root@vm2 ca]# date 120916302034 Sat Dec 9 16:30:00 CST 2034 [root@vm2 ca]# date -u; getcert list | egrep "status|expires|Request|subject|ca-error" Sat Dec 9 22:30:01 UTC 2034 Request ID '20141211192144': status: NOTIFYING_VALIDITY ca-error: Internal error: no response to "http://vm2.example.test:8080/ca/ee/ca/displayCertFromRequest?requestId=128&importCert=true&xml=true". subject: CN=CA Audit,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192145': status: CA_UNREACHABLE ca-error: Internal error subject: CN=OCSP Subsystem,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192146': status: NOTIFYING_VALIDITY ca-error: Internal error: no response to "http://vm2.example.test:8080/ca/ee/ca/displayCertFromRequest?requestId=130&importCert=true&xml=true". subject: CN=CA Subsystem,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192147': status: NOTIFYING_VALIDITY ca-error: Internal error: no response to "http://vm2.example.test:8080/ca/ee/ca/displayCertFromRequest?requestId=132&importCert=true&xml=true". subject: CN=Certificate Authority,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192148': status: NOTIFYING_VALIDITY ca-error: Internal error: no response to "http://vm2.example.test:8080/ca/ee/ca/displayCertFromRequest?requestId=129&importCert=true&xml=true". subject: CN=IPA RA,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192149': status: MONITORING subject: CN=vm2.example.test,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192150': status: MONITORING subject: CN=vm2.example.test,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192212': status: MONITORING subject: CN=vm2.example.test,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC [root@vm2 ca]# date -u; getcert list | egrep "status|expires|Request|subject|ca-error" Sat Dec 9 22:30:03 UTC 2034 Request ID '20141211192144': status: SUBMITTING subject: CN=CA Audit,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192145': status: CA_UNREACHABLE ca-error: Internal error subject: CN=OCSP Subsystem,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192146': status: SUBMITTING subject: CN=CA Subsystem,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192147': status: SUBMITTING subject: CN=Certificate Authority,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192148': status: SUBMITTING subject: CN=IPA RA,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192149': status: MONITORING subject: CN=vm2.example.test,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192150': status: MONITORING subject: CN=vm2.example.test,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192212': status: MONITORING subject: CN=vm2.example.test,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC [root@vm2 ca]# date -u; getcert list | egrep "status|expires|Request|subject|ca-error" Sat Dec 9 22:30:45 UTC 2034 Request ID '20141211192144': status: MONITORING subject: CN=CA Audit,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192145': status: CA_UNREACHABLE ca-error: Internal error subject: CN=OCSP Subsystem,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192146': status: NEED_TO_SAVE_CERT subject: CN=CA Subsystem,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192147': status: NEED_TO_SAVE_CERT subject: CN=Certificate Authority,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192148': status: NEED_TO_SAVE_CERT subject: CN=IPA RA,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192149': status: NEED_TO_SAVE_CERT subject: CN=vm2.example.test,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192150': status: SUBMITTING subject: CN=vm2.example.test,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192212': status: SUBMITTING subject: CN=vm2.example.test,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC [root@vm2 ca]# date -u; getcert list | egrep "status|expires|Request|subject|ca-error" Sat Dec 9 22:31:20 UTC 2034 Request ID '20141211192144': status: MONITORING subject: CN=CA Audit,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192145': status: CA_UNREACHABLE ca-error: Internal error subject: CN=OCSP Subsystem,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192146': status: NEED_TO_SAVE_CERT subject: CN=CA Subsystem,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192147': status: MONITORING subject: CN=Certificate Authority,O=EXAMPLE.TEST expires: 2054-12-09 22:30:05 UTC Request ID '20141211192148': status: NEED_TO_SAVE_CERT subject: CN=IPA RA,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192149': status: NEED_TO_SAVE_CERT subject: CN=vm2.example.test,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192150': status: MONITORING subject: CN=vm2.example.test,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC Request ID '20141211192212': status: MONITORING subject: CN=vm2.example.test,O=EXAMPLE.TEST expires: 2034-12-11 19:21:06 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0442.html