getcert command shows an error: ca-error: Invalid cookie: u''

Solution Verified - Updated -

Issue

  • getcert list command show an error similar to below

    Request ID '20181223123828':
        status: MONITORING
        ca-error: Invalid cookie: u''
        stuck: no
        key pair storage: type=FILE,location='/var/lib/ipa/ra-agent.key'
        certificate: type=FILE,location='/var/lib/ipa/ra-agent.pem'
        CA: dogtag-ipa-ca-renew-agent
        issuer: CN=Certificate Authority,O=EXAMPLE.COM
        subject: CN=IPA RA,O=EXAMPLE.COM
        expires: 2020-01-14 05:49:55 UTC
        key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre
        post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert
        track: yes
        auto-renew: yes

  • ipa commands that involves dealing with certificates fail. For example, ipa host-del:

    # ipa host-del client.example.com
ipa: ERROR: Certificate operation cannot be completed: EXCEPTION (Invalid Credential.)

Environment

  • Red Hat Enterprise Linux (RHEL) version 7 and 8.
  • Identity Management (IdM) version 4.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content