On Wed, Sep 7, 2016 at 3:27 PM, Rob Crittenden <[email protected]> wrote:
> Natxo Asenjo wrote: > >> hi, >> >> using centos 6.8 (server and client), when trying to view some hosts we >> get this error: >> >> >> $ ipa host-find host-1920.sub.domain.tld >> ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The >> certificate/key database is in an old, unsupported format. >> >> >> I saw a thread last year about this, but no solution. >> >> Any clues? >> > > /var/log/httpd/error_log may contain a traceback This made me take a look at a replica and there I could not replicate the error, I got the info I requested. In the apache error file I saw indeed a traceback: [Sun Sep 04 03:21:31 2016] [error] ipa: ERROR: non-public: XMLSyntaxError: None [Sun Sep 04 03:21:31 2016] [error] Traceback (most recent call last): [Sun Sep 04 03:21:31 2016] [error] File "/usr/lib/python2.6/site-packages/ipaserver/rpcserver.py", line 334, in wsgi_execute [Sun Sep 04 03:21:31 2016] [error] result = self.Command[name](*args, **options) [Sun Sep 04 03:21:31 2016] [error] File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 438, in __call__ [Sun Sep 04 03:21:31 2016] [error] ret = self.run(*args, **options) [Sun Sep 04 03:21:31 2016] [error] File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 750, in run [Sun Sep 04 03:21:31 2016] [error] return self.execute(*args, **options) [Sun Sep 04 03:21:31 2016] [error] File "/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py", line 362, in execute [Sun Sep 04 03:21:31 2016] [error] result = api.Command['cert_show'](unicode(serial))['result'] [Sun Sep 04 03:21:31 2016] [error] File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 438, in __call__ [Sun Sep 04 03:21:31 2016] [error] ret = self.run(*args, **options) [Sun Sep 04 03:21:31 2016] [error] File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 750, in run [Sun Sep 04 03:21:31 2016] [error] return self.execute(*args, **options) [Sun Sep 04 03:21:31 2016] [error] File "/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py", line 493, in execute [Sun Sep 04 03:21:31 2016] [error] result=self.Backend.ra.get_certificate(serial_number) [Sun Sep 04 03:21:31 2016] [error] File "/usr/lib/python2.6/site-packages/ipaserver/plugins/dogtag.py", line 1489, in get_certificate [Sun Sep 04 03:21:31 2016] [error] parse_result = self.get_parse_result_xml(http_body, parse_display_cert_xml) [Sun Sep 04 03:21:31 2016] [error] File "/usr/lib/python2.6/site-packages/ipaserver/plugins/dogtag.py", line 1350, in get_parse_result_xml [Sun Sep 04 03:21:31 2016] [error] doc = etree.fromstring(xml_text, parser) [Sun Sep 04 03:21:31 2016] [error] File "lxml.etree.pyx", line 2532, in lxml.etree.fromstring (src/lxml/lxml.etree.c:48270) [Sun Sep 04 03:21:31 2016] [error] File "parser.pxi", line 1545, in lxml.etree._parseMemoryDocument (src/lxml/lxml.etree.c:71812) [Sun Sep 04 03:21:31 2016] [error] File "parser.pxi", line 1424, in lxml.etree._parseDoc (src/lxml/lxml.etree.c:70673) [Sun Sep 04 03:21:31 2016] [error] File "parser.pxi", line 938, in lxml.etree._BaseParser._parseDoc (src/lxml/lxml.etree.c:67442) [Sun Sep 04 03:21:31 2016] [error] File "parser.pxi", line 539, in lxml.etree._ParserContext._handleParseResultDoc (src/lxml/lxml.etree.c:63824) [Sun Sep 04 03:21:31 2016] [error] File "parser.pxi", line 625, in lxml.etree._handleParseResult (src/lxml/lxml.etree.c:64745) [Sun Sep 04 03:21:31 2016] [error] File "parser.pxi", line 576, in lxml.etree._raiseParseError (src/lxml/lxml.etree.c:64260) [Sun Sep 04 03:21:31 2016] [error] XMLSyntaxError: None restarting httpd fixed the issue. Thanks! Looking into apache never occurred to me, freeipa really is a web service although it provides infrastructure services. -- Groeten, natxo
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
