Cloned from upstream: https://pagure.io/freeipa/issue/7106
Steps to reproduce:
1. install FreeIPA server with self-signed CA certificate (default)
2. use ipa-cacert-manage to switch to CA certificate signed by external CA
3. use ipa-cacert-manage to to self-signed CA certificate
Importing the renewed CA certificate, please wait
CA certificate successfully renewed
The ipa-cacert-manage command was successful
Renewing CA certificate, please wait
Error resubmitting certmonger request '20170816133559', please check the request manually
The ipa-cacert-manage command failed.
From journalctl -u certmonger:
Traceback (most recent call last):
File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 218, in <module>
File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 212, in main
File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 183, in _main
db.trust_root_cert(ca_nick, 'C' + ca_flags)
TypeError: cannot concatenate 'str' and 'TrustFlags' objects
*** Bug 1466786 has been marked as a duplicate of this bug. ***
Verified on ipa-server-4.5.4-6.el7.x86_64.
Created attachment 1363306 [details]
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.