"ipa-client-install" fails with "ERROR Cannot obtain CA certificate"
Issue
ipa-client-installfails with "ERROR Cannot obtain CA certificate"
For example:
root : ERROR Cannot obtain CA certificate
'ldap://ipa1.test.mil' doesn't have a certificate.
Installation failed. Rolling back changes.
IPA client is not configured on this system.
- Found following logs in
ipaclient-install.log
2013-03-18 14:21:20,400 DEBUG stderr=
2013-03-18 14:21:20,403 DEBUG trying to retrieve CA cert via LDAP from ldap://ipa1.test.mil
2013-03-18 14:21:20,472 DEBUG non-generic 'FileError' needs format=None; got format="Unable to read new ca cert '/etc/ipa/ca.crt.new': [('asn1 encoding routines', 'ASN1_CHECK_TLEN', 'wrong tag'), ('asn1 encoding routines', 'ASN1_ITEM_EX_D2I', 'nested asn1 error'), ('PEM routines', 'PEM_ASN1_read_bio', 'ASN1 lib')]"
2013-03-18 14:21:20,472 ERROR Cannot obtain CA certificate
'ldap://ipa1.test.mil' doesn't have a certificate.
2013-03-18 14:21:20,510 DEBUG args=kdestroy
2013-03-18 14:21:20,511 DEBUG stdout=
Environment
- Red Hat Enterprise Linux 5.9
- ipa-client
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.