Winfried de Heiden via FreeIPA-users wrote: > Hi all, > > For some reason, I messed up with several certificates in FreeIPA, > version: 4.8. One particular KRA cert seems problematic: > > Request ID '20200820113800': > status: CA_REJECTED > ca-error: Server at "<some server>:8080/ca/ee/ca/profileSubmit > <http://ipa.blabla.bla:8080/ca/ee/ca/profileSubmit>" replied: Missing > credential: sessionID > stuck: yes > key pair storage: > type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='cert-nickname=transportCert > cert-pki-kra',token='NSS Certificate DB',pin set > certificate: > type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='cert-nickname=transportCert > cert-pki-kra',token='NSS Certificate DB' > CA: dogtag-ipa-ca-renew-agent > issuer: > subject: > expires: unknown > pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad > post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert > "transportCert cert-pki-kra" > track: yes > auto-renew: yes > > How to fix?
We're seeing this on the IPA demo server as well, see BZ https://bugzilla.redhat.com/show_bug.cgi?id=1869605 rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
