Hide Forgot
Cloned from upstream: https://pagure.io/freeipa/issue/7106 Steps to reproduce: 1. install FreeIPA server with self-signed CA certificate (default) 2. use ipa-cacert-manage to switch to CA certificate signed by external CA 3. use ipa-cacert-manage to to self-signed CA certificate Expected: Importing the renewed CA certificate, please wait CA certificate successfully renewed The ipa-cacert-manage command was successful Got: Renewing CA certificate, please wait Error resubmitting certmonger request '20170816133559', please check the request manually The ipa-cacert-manage command failed. From journalctl -u certmonger: ``` Traceback (most recent call last): File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 218, in <module> main() File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 212, in main _main() File "/usr/libexec/ipa/certmonger/renew_ca_cert", line 183, in _main db.trust_root_cert(ca_nick, 'C' + ca_flags) TypeError: cannot concatenate 'str' and 'TrustFlags' objects ```
Upstream ticket: https://pagure.io/freeipa/issue/7106
Fixed upstream master: https://pagure.io/freeipa/c/ee5345ac05fd1e133243ffb61c25615840f7bd87
*** Bug 1466786 has been marked as a duplicate of this bug. ***
Fixed upstream ipa-4-5: https://pagure.io/freeipa/c/85d5611119b9e3d616589d2a8e7447055184592b
Verified on ipa-server-4.5.4-6.el7.x86_64.
Created attachment 1363306 [details] verification_steps
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0918