Re: [Pki-users] getting NEED_TO_NOTIFY_ISSUED_SAVE_FAILED with dogtag-submit
On Tue, Apr 07, 2015 at 12:18:24PM -0500, Steve Neuharth wrote:
yes, the certificate in the request file has a newline after the
certificate data:
cert=-----BEGIN CERTIFICATE-----
MIIDajCCAlKgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBEMSEwHwYDVQQKDBh0ZXN0
...cert data...
lRCw27w7Yw/JUMqJYoE=
<---- extra newline
-----END CERTIFICATE-----
Looks like that's the problem. When I make a similar request using cURL, I
don't get the '\n' in the xml so it must be an error in parsing the xml
response inside dogtag-submit. I've also tried the v77.1-1 rpm from rawhide
and I get the same behavior.
Hmm, I'm testing with 0.77.1 and pki-ca-9.0.3-38.el6_6 (you're on Fedora
IIRC, so it's not exactly the same, but I don't have an F21 box handy
ATM), and the data's getting cleaned before it's saved there.
Did you start with an older version and update after dogtag-submit had
finished its work? The newer daemon wouldn't have been in a position to
clean up the data it got from the helper in that case.
Nalin