Hmmm. Strange. I see that the cert is indeed being fetched and put into the
request file in /var/lib/certmonger/requests. Why isn't it making it to the
final destination in /tmp/getcert.crt?
Verbose logging also tells me nothing about why it's not working but I do
see this in /var/log/messages:
    Apr 3 06:14:36 dogtag certmonger: Certificate in file "/tmp/getcert.crt" issued by CA but not saved.
Ideas?
On Sat, Apr 4, 2015 at 1:53 PM, Steve Neuharth <steve(a)sylvation.com> wrote:
Hello,
I'm using the following configuration with certmonger:
    id=Dogtag
    ca_aka=Dogtag (certmonger 0.76.8)
    ca_is_default=0
    ca_type=EXTERNAL
    ca_external_helper=/usr/libexec/certmonger/dogtag-submit -E https://dogtag.test.org:8443/ca/ee/ca -A https://dogtag.test.org:8443/ca/agent/ca -i /root/ca.crt
I'm able to submit a request like this:
    getcert request -k /tmp/getcert.key -f /tmp/getcert.crt -c Dogtag -D foo.bar.org
but after I refresh the cert requests, it's in
NEED_TO_NOTIFY_ISSUED_SAVE_FAILED status and occasionally shows
START_SAVING_CERT status.
    Request ID '20150403093236':
        status: NEED_TO_NOTIFY_ISSUED_SAVE_FAILED
        stuck: no
        key pair storage: type=FILE,location='/tmp/getcert.key'
        certificate: type=FILE,location='/tmp/getcert.crt'
        CA: Dogtag
        issuer:
        subject:
        expires: unknown
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes
SELinux is set to 'permissive' and the perms on /tmp are 777. I can't think
of any other reason it would fail to save the cert.
--steve