[Freeipa-users] ipa-healthcheck: a replica says "RA agent description does not match", ""Request for certificate failed, Certificate operation cannot be completed: EXCEPTION (Invalid Credential.)"

Sat, 21 Dec 2019 04:50:36 -0800 

Hi,

I'm monitoring using ipa-healthcheck and I just started getting:

$ sudo ipa-healthcheck --severity CRITICAL --severity ERROR --failures-only
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
[
  {
    "source": "ipahealthcheck.ipa.certs",
    "kw": {
      "msg": "RA agent description does not match 2;44;CN=Certificate
Authority,O=IPA.PDP7.NET;CN=IPA RA,O=IPA.PDP7.NET in LDAP and
2;7;CN=Certificate Authority,O=IPA.PDP7.NET;CN=IPA RA,O=IPA.PDP7.NET
expected",
      "got": "2;44;CN=Certificate Authority,O=IPA.PDP7.NET;CN=IPA RA,O=
IPA.PDP7.NET",
      "expected": "2;7;CN=Certificate Authority,O=IPA.PDP7.NET;CN=IPA RA,O=
IPA.PDP7.NET"
    },
    "uuid": "0bfa6af6-5dd9-4505-89dc-a733060042a4",
    "duration": "0.037322",
    "when": "20191221123847Z",
    "check": "IPARAAgent",
    "result": "ERROR"
  },
  {
    "source": "ipahealthcheck.ipa.certs",
    "kw": {
      "msg": "Request for certificate failed, Certificate operation cannot
be completed: EXCEPTION (Invalid Credential.)",
      "key": "20181108202133"
    },
    "uuid": "bd04fd67-7b3e-4d2f-a87e-ff15563808e0",
    "duration": "0.491949",
    "when": "20191221123848Z",
    "check": "IPACertRevocation",
    "result": "ERROR"
  },

... the second one is repeated a bunch of times. If I go into the replica
web UI to check cert 7, I get very much the same error:

An error has occurred (IPA Error 4301: CertificateOperationError)
Certificate operation cannot be completed: EXCEPTION (Invalid Credential.)

However, if I go to the first IPA server I created, I can view the cert
normally. How should I proceed?

Cheers,

Álex

-- 
   ___
 {~._.~}
  ( Y )
 ()~*~()  mail: alex at corcoles dot net
 (_)-(_)  http://alex.corcoles.net/

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

Reply via email to