[Bug 1772450] Re: freeipa server -- problems with certificates
Hi guys, I can confirm bug is still present on a fresh bionic installation: any ETA about cosmic backports? Thanks a lot -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
This bug was fixed in the package freeipa - 4.7.0-1ubuntu4 --- freeipa (4.7.0-1ubuntu4) cosmic; urgency=medium * Actually build server on architecture any. -- Dimitri John Ledkov Tue, 02 Oct 2018 23:32:01 +0100 ** Changed in: freeipa (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
What can I do to fix this? I can't deduce a workaround from these posts. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
Actually, on a second attempt, ~ppa3 works fine. Wierd.. both my attempts were clean installations. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
No, I cannot retry ~ppa2 since it seems not to be available anymore and I deleted my previous installation my mistake. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
For me this ~ppa3 seems a regression w.r.t. ~ppa2. Commands "pki cert- find" and "pki cert-show" only worked for a couple of attempts, than they stopped working with "PKIException: Internal Server Error" and now this behavior is permanent also across reboots. I will retry ~pps2 and see if it this also was happening there. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
~ppa3 on the way to the ppa -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
after disabling mod_deflate it works, but since it's an essential module it's probably best to just patch plugins/dogtag.py for now. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
filed upstream https://pagure.io/freeipa/issue/7563 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
note that on Fedora dogtag/tomcat does not return gzipped data although it's accepted on the ipa side, so could be that this bug would manifest there too in the same situation -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
It's related to mod_deflate somehow, probably missing some configuration. Dropping "'Accept-Encoding': 'gzip, deflate'," from plugins/dogtag.py works around this issue, but is not the solution. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
adding debug=true to /etc/ipa/default.conf and restarting apache gives debug output in apache error.log, and looks like it gets gzipped data from dogtag (which is fine) but somehow either the header is missing or it can't deflate it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
it's getting invalid xml from somewhere.. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
ok thanks for testing, I think it's on the dogtag side still.. hope there's something in the pki-tomcat logs -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
I did a clean installation with all the new components and it works... at least more than before. "pki cert-find", "pki cert-show 1" and "ipa cert-show 1" all works. However, the "Authentication -> Certificates" tab in the web ui still returns error: Certificate operation cannot be completed: Unable to communicate with CMS (Start tag expected, '<' not found, line 1, column 1) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
and a new dogtag to depend on it and add the necessary links -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
interesting.. I'll push libjboss-annotations-1.2-api-java to the staging ppa to see how far you get with it -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
In my case, with dogtag 10.6.1-0ubuntu0.1, giving the "pki cert-find" command returns tons of warning of the kind WARN: RESTEASY002145: NoClassDefFoundError: Unable to load builtin provider org.jboss.resteasy.plugins.providers.InputStreamProvider from jar:file:/usr/share/java/resteasy-jaxrs.jar!/META- INF/services/javax.ws.rs.ext.Providers with different class names. Finally, it ends with NoClassDefFoundError: javax/annotation/Priority -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
pre2 uploaded to ppa:freeipa/staging I also uploaded tomcat8 there with a fixed (lower) version than what's in the updates ppa.. will take a while until these have been built -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
** Changed in: freeipa (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
At this stage, I am just trying to make it work so apologies for the hacks. For context: * I am using your PPAs for FreeIPA and dogtag * I linked named-pkcs11 to named * /etc/hostname is set to fqdn (kvm-10.ipa.kvm) And the following script for installation: #!/usr/bin/env bash sudo ipa-server-install \ -r IPA.KVM \ -n ipa.kvm \ --setup-dns \ --no-host-dns \ -p x \ -a x \ --mkhomedir \ --domain=ipa.kvm \ --hostname=kvm-10.ipa.kvm \ --no-dns-sshfp \ --no-dnssec-validation \ --auto-forwarders \ --auto-reverse \ --zonemgr=i...@.com -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
huh, ok.. could be that my test install is messed up somehow.. I'll reinstall ipa on it to see if things work then -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: freeipa (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
Strange. I am able to execute 'pki cert-find' without error. $ pki cert-find SLF4J: Class path contains multiple SLF4J bindings. SLF4J: Found binding in [jar:file:/usr/share/java/slf4j-jdk14.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: Found binding in [jar:file:/usr/share/java/slf4j-simple.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation. SLF4J: Actual binding is of type [org.slf4j.impl.JDK14LoggerFactory] 13 entries found ... Is there some other stage you think may be responsible for the error? I can dig into the Java layer if you have any hypotheses that lead there... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
So far, the only clue I can find in the logs is a 'null' value for authType and principal: [ajp-nio-127.0.0.1-8009-exec-1] INFO com.netscape.cms.tomcat.ExternalAuthenticationValve - ExternalAuthenticationValve: authType: null [ajp-nio-127.0.0.1-8009-exec-1] INFO com.netscape.cms.tomcat.ExternalAuthenticationValve - ExternalAuthenticationValve: principal: null -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
I haven't finished it yet.. Dogtag needs jboss-annotations-1.2-api which isn't even in the archive yet :/ Running 'pki cert-find' would show some errors when it's missing, but even with it installed it still fails with 'internal server error' and I've no idea where that comes from. Upstream irc channel seems quite silent. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
I would like to help debug this. Like gianluca, I've managed to sort out the other bugs and am hitting this certificate issue. Where can I find the Git repository for 4.7.0-pre2? The associated repos only seem to contain 4.7.0-pre1 https://code.launchpad.net/ubuntu/+source/freeipa/+git -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
I tried the new dogtag but there is no difference. What about 4.7.0-pre2? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
dogtag 10.6.1 is uploaded to https://launchpad.net/~freeipa/+archive/ubuntu/staging now, not built yet -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1772450] Re: freeipa server -- problems with certificates
thanks for the bugs, keep 'em coming ;) I wonder if 4.7.0-pre2 and dogtag 10.6.1 would help here, I'll try to get them on a ppa soon -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772450 Title: freeipa server -- problems with certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1772450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs