IPA CLI and Web UI Interfaces Each Return Error -8015 When Performing Certificate Operations

Solution Verified - Updated -

Issue

Both the IPA command-line and Web UI interfaces return '[Errno -8015] error (-8015) unknown' when we attempt to manage certificates:

# ipa cert-show 20120424033757
ipa: ERROR: cannot connect to 'https://ipaserver01.example.com:443/ca/agent/ca/displayBySerial': [Errno -8015] error (-8015) unknown

In addition, the certmonger daemon has not been able to complete certificate operations against the IPA CA due to a problem with decoding certificate signing requests :

 # ipa-getcert list
Request ID '20120424033757':
    status: CA_UNREACHABLE
    ca-error: Server failed request, will retry: 4301 (RPC failed at server.  Certificate operation cannot be completed: Failure decoding Certificate Signing Request).
    stuck: yes
    key pair storage: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate - ipaclient01.example.com',token='NSS Certificate DB'
    certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate - ipaclient01.example.com',token='NSS Certificate DB'
    CA: IPA
    issuer: CN=Certificate Authority,O=EXAMPLE.COM
    subject: CN=ipaclient01.example.com,O=EXAMPLE.COM
    expires: 2014-04-25 03:37:58 UTC
    eku: id-kp-serverAuth,id-kp-clientAuth
    pre-save command: 
    post-save command: 
    track: yes
    auto-renew: yes

Environment

  • Red Hat Enterprise Linux Server release 6
  • Red Hat Enterprise Linux Server release 7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.