IPA CLI and Web UI Interfaces Each Return Error -8015 When Performing Certificate Operations
Issue
Both the IPA command-line and Web UI interfaces return '[Errno -8015] error (-8015) unknown' when we attempt to manage certificates:
# ipa cert-show 20120424033757
ipa: ERROR: cannot connect to 'https://ipaserver01.example.com:443/ca/agent/ca/displayBySerial': [Errno -8015] error (-8015) unknown
In addition, the certmonger daemon has not been able to complete certificate operations against the IPA CA due to a problem with decoding certificate signing requests :
# ipa-getcert list
Request ID '20120424033757':
status: CA_UNREACHABLE
ca-error: Server failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: Failure decoding Certificate Signing Request).
stuck: yes
key pair storage: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate - ipaclient01.example.com',token='NSS Certificate DB'
certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate - ipaclient01.example.com',token='NSS Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=EXAMPLE.COM
subject: CN=ipaclient01.example.com,O=EXAMPLE.COM
expires: 2014-04-25 03:37:58 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
Environment
- Red Hat Enterprise Linux Server release 6
- Red Hat Enterprise Linux Server release 7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
