ipa-server-upgrade script fails with the error: "[X509: KEY_VALUES_MISMATCH] key values mismatch (_ssl.c:2554)"

Solution Verified - Updated -

Issue

ipa-server-upgrade script fails with the following errors in /var/log/ipaupgrade.log :

ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: DEBUG: The ipa-server-upgrade command failed, exception: NetworkError: cannot connect to 'https://ipa01.example.com:8443/ca/rest/account/login': [X509: KEY_VALUES_MISMATCH] key values mismatch (_ssl.c:2554)
ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: ERROR: Unexpected error - see /var/log/ipaupgrade.log for details:
NetworkError: cannot connect to 'https://ipa01.example.com:8443/ca/rest/account/login': [X509: KEY_VALUES_MISMATCH] key values mismatch (_ssl.c:2554)
ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: ERROR: The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
2017-12-04T06:25:01Z DEBUG client_certificate: /var/lib/ipa/ra-agent.pem || client_keyfile: /var/lib/ipa/ra-agent.key
2017-12-04T06:25:01Z DEBUG httplib request failed:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipapython/dogtag.py", line 204, in _httplib_request
    conn = connection_factory(host, port)
  File "/usr/lib/python2.7/site-packages/ipapython/dogtag.py", line 158, in connection_factory
    tls_version_max=api.env.tls_version_max)
  File "/usr/lib/python2.7/site-packages/ipalib/util.py", line 330, in create_https_connection
    ctx.load_cert_chain(client_certfile, client_keyfile, passwd)
SSLError: [X509: KEY_VALUES_MISMATCH] key values mismatch (_ssl.c:2554)

Environment

  • Red Hat Enterprise Linux 7.4
  • ipa-server-4.5.0-21.el7_4.2.2

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.