getcert command shows an error: ca-error: Invalid cookie: u''



  • The getcert list command shows an error similar to the one below:

    Request ID '20181223123828':
            status: MONITORING
            ca-error: Invalid cookie: u''
            stuck: no
            key pair storage: type=FILE,location='/var/lib/ipa/ra-agent.key'
            certificate: type=FILE,location='/var/lib/ipa/ra-agent.pem'
            CA: dogtag-ipa-ca-renew-agent
            issuer: CN=Certificate Authority,O=EXAMPLE.COM
            subject: CN=IPA RA,O=EXAMPLE.COM
            expires: 2020-01-14 05:49:55 UTC
            key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
            eku: id-kp-serverAuth,id-kp-clientAuth
            pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre
            post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert
            track: yes
            auto-renew: yes
  • ipa commands that involve certificates fail. For example, ipa host-del:

    # ipa host-del
    ipa: ERROR: Certificate operation cannot be completed: EXCEPTION (Invalid Credential.)
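
A triage check for the symptom above, as an added example that is not part of the original article: it parses `getcert list` output and reports every tracked request that carries a `ca-error`, with the days left until the certificate expires. The second request in the sample and the function names are constructed for illustration.

```python
import re
import sys
from datetime import datetime, timezone

# Constructed sample in the `getcert list` layout shown above; the second request is invented for contrast.
SAMPLE = """\
Number of certificates and requests being tracked: 2.
Request ID '20181223123828':
        status: MONITORING
        ca-error: Invalid cookie: u''
        CA: dogtag-ipa-ca-renew-agent
        subject: CN=IPA RA,O=EXAMPLE.COM
        expires: 2020-01-14 05:49:55 UTC
Request ID '20181223123900':
        status: MONITORING
        subject: CN=host.example.com,O=EXAMPLE.COM
        expires: 2020-12-23 12:39:00 UTC
"""

def parse_getcert_list(text):
    """Split `getcert list` output into one dict of fields per request."""
    requests, current = [], None
    for line in text.splitlines():
        header = re.match(r"Request ID '([^']+)':", line.strip())
        if header:
            current = {"id": header.group(1)}
            requests.append(current)
        elif current is not None and ":" in line:
            key, value = line.strip().split(":", 1)  # first colon only; ca-error values contain colons
            current[key.strip()] = value.strip()
    return requests

def failing_requests(requests, now):
    """Return (id, subject, ca-error, days until expiry) for requests with a ca-error."""
    report = []
    for req in requests:
        if "ca-error" not in req:
            continue
        days_left = None  # a request with no issued certificate has no expires line
        if "expires" in req:
            expires = datetime.strptime(req["expires"], "%Y-%m-%d %H:%M:%S UTC")
            days_left = (expires.replace(tzinfo=timezone.utc) - now).days
        report.append((req["id"], req.get("subject"), req["ca-error"], days_left))
    return report

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for row in failing_requests(parse_getcert_list(text), datetime.now(timezone.utc)):
        print("request %s (%s): ca-error=%s, days until expiry: %s" % row)
```

Run on an IdM server, it reads the live output when piped from `getcert list` and falls back to the embedded sample otherwise.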


  • Red Hat Enterprise Linux (RHEL) version 7 and 8.
  • Identity Management (IdM) version 4.
