Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1318186

Summary: Misleading error message during external-ca IPA master install
Product: Red Hat Enterprise Linux 7 Reporter: Kaleem <ksiddiqu>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Mohammad Rizwan <myusuf>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.2CC: akasurde, jcholast, mbabinsk, myusuf, nsoman, pvoborni, rcritten, tscherf
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.5.0-5.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 09:37:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
console logs none

Description Kaleem 2016-03-16 08:59:43 UTC 
Description of problem:
During second attempt of IPA external-ca install after first successful attempt, following error message shown which is misleading.


ipa.ipapython.install.cli.install_tool(Server): ERROR    Failed to load /root/ipa-ca/ipa.crt

Honza helped me to figured out the cause for this.

Here, uninstallation of IPA external-ca was not removing the certs from /etc/httpd/alias which is already reported in https://fedorahosted.org/freeipa/ticket/4639. 

But instead of error message "Failed to load /root/ipa-ca/ipa.crt
", we expect error message like

 "(SEC_ERROR_REUSED_ISSUER_AND_SERIAL) You are attempting to import a cert with the same issuer/serial as an existing cert"

Also warning message is not logged in ipaserver-install.log .

Version-Release number of selected component (if applicable):
[root@auto-hv-01-guest02 ~]# rpm -q ipa-server 
ipa-server-4.2.0-15.el7_2.10.x86_64
[root@auto-hv-01-guest02 ~]# 

How reproducible:
Always

Steps to Reproduce:
1. Installl IPA with external-ca
2. Uninstall IPA 
3. Install IPA with external-ca again

Actual results:
Installation of IPA fails in second attempt

Expected results:
Installation of IPA should be successful in second attempt also

Additional info:
1. After removing the certs from /etc/httpd/alias, able to install IPA successfully.
Comment 2 Petr Vobornik 2016-03-24 19:26:20 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4639
Comment 3 Martin Bašti 2016-05-26 14:00:41 UTC 
*** Bug 1340096 has been marked as a duplicate of this bug. ***
Comment 4 Abhijeet Kasurde 2017-02-03 09:47:53 UTC 
I have encountered same error message in RHEL 7.3. Any plan of fixing this ?
Comment 5 Martin Babinsky 2017-03-22 14:00:15 UTC 
Fixed upstream
ipa-4-5:
https://pagure.io/freeipa/c/cf188c8513c6b36a0724866025ddc220683de8dc
https://pagure.io/freeipa/c/f788e3e36bcaefc7d94c92895916246681e64291
master:
https://pagure.io/freeipa/c/bbd18cf10f2e67e5205a3a3bee883272e89c0042
https://pagure.io/freeipa/c/e263cb46cba604421d5ed2e1dbf5dd1d66ce0221
Comment 7 Jan Cholasta 2017-04-04 08:23:09 UTC 
Fixed upstream
master:
https://pagure.io/freeipa/c/5f5a3b29dba7cc736ba334aefb55484baeefeb76
ipa-4-5:
https://pagure.io/freeipa/c/471dfcbe1cc3f319da788add3661cb6d63e3c0f0
Comment 12 Mohammad Rizwan 2017-06-08 06:13:59 UTC 
Created attachment 1285980 [details]
console logs
Comment 13 Mohammad Rizwan 2017-06-08 06:14:41 UTC 
verified on ipa-server-4.5.0-15.el7.x86_64 too.

Installation logs are attached.
Comment 14 errata-xmlrpc 2017-08-01 09:37:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304