"ipa-client-install" fails with "ERROR Cannot obtain CA certificate"

Solution Unverified - Updated -

Issue

  • ipa-client-install fails with "ERROR Cannot obtain CA certificate"

For example:

root        : ERROR    Cannot obtain CA certificate
'ldap://ipa1.test.mil' doesn't have a certificate.
Installation failed. Rolling back changes.
IPA client is not configured on this system.
  • Found following logs in ipaclient-install.log
2013-03-18 14:21:20,400 DEBUG stderr=
2013-03-18 14:21:20,403 DEBUG trying to retrieve CA cert via LDAP from ldap://ipa1.test.mil
2013-03-18 14:21:20,472 DEBUG non-generic 'FileError' needs format=None; got format="Unable to read new ca cert '/etc/ipa/ca.crt.new': [('asn1 encoding routines', 'ASN1_CHECK_TLEN', 'wrong tag'), ('asn1 encoding routines', 'ASN1_ITEM_EX_D2I', 'nested asn1 error'), ('PEM routines', 'PEM_ASN1_read_bio', 'ASN1 lib')]"
2013-03-18 14:21:20,472 ERROR Cannot obtain CA certificate
'ldap://ipa1.test.mil' doesn't have a certificate.
2013-03-18 14:21:20,510 DEBUG args=kdestroy
2013-03-18 14:21:20,511 DEBUG stdout=

Environment

  • Red Hat Enterprise Linux 5.9
  • ipa-client

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In