"ipa-client-install" fails with "ERROR Cannot obtain CA certificate"

Solution Unverified - Updated -

Issue

  • ipa-client-install fails with "ERROR Cannot obtain CA certificate"

For example:

root        : ERROR    Cannot obtain CA certificate
'ldap://ipa1.test.mil' doesn't have a certificate.
Installation failed. Rolling back changes.
IPA client is not configured on this system.
  • Found following logs in ipaclient-install.log
2013-03-18 14:21:20,400 DEBUG stderr=
2013-03-18 14:21:20,403 DEBUG trying to retrieve CA cert via LDAP from ldap://ipa1.test.mil
2013-03-18 14:21:20,472 DEBUG non-generic 'FileError' needs format=None; got format="Unable to read new ca cert '/etc/ipa/ca.crt.new': [('asn1 encoding routines', 'ASN1_CHECK_TLEN', 'wrong tag'), ('asn1 encoding routines', 'ASN1_ITEM_EX_D2I', 'nested asn1 error'), ('PEM routines', 'PEM_ASN1_read_bio', 'ASN1 lib')]"
2013-03-18 14:21:20,472 ERROR Cannot obtain CA certificate
'ldap://ipa1.test.mil' doesn't have a certificate.
2013-03-18 14:21:20,510 DEBUG args=kdestroy
2013-03-18 14:21:20,511 DEBUG stdout=

Environment

  • Red Hat Enterprise Linux 5.9
  • ipa-client

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.