I have a older kvm that is requiring an unencrypted pem for its cert from freeipa. I have also tried signing a csr from an older ilo product and the cert manager started giving a 404 check your services after trying to import it. any suggestions on how best to aproch these issues.
I did notice in the logs Feb 19 20:49:40 ipa server[3225]: java.util.TimerThread.run(Timer.java:505) Feb 19 20:49:40 ipa server[3225]: WARNING: The web application [ca] appears to have started a thread named [AsyncLoader watchdog] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
Hi Kendrick,
Please give more detail about exactly what you did and what the errors were.
FWIW the warning below does not seem relevant to your issue.
Thanks, Fraser
On Thu, Feb 20, 2020 at 02:01:22AM -0000, Kendrick . via FreeIPA-users wrote:
I have a older kvm that is requiring an unencrypted pem for its cert from freeipa. I have also tried signing a csr from an older ilo product and the cert manager started giving a 404 check your services after trying to import it. any suggestions on how best to aproch these issues.
I did notice in the logs Feb 19 20:49:40 ipa server[3225]: java.util.TimerThread.run(Timer.java:505) Feb 19 20:49:40 ipa server[3225]: WARNING: The web application [ca] appears to have started a thread named [AsyncLoader watchdog] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
due to all that has been going on it took a while to get back to this issue. it was multiple things happening at the same time. 1) firmware on one device needed to be updated to accept certs properly. 2) unknown lockup issues, I rebuilt the vm from scratch to re-verify results and it works fine now. 3) web interface stupidity which it does not give a proper error message. after trying them in the console i got errors like host name does not match or cert missing domain etc. after trying for some time i corrected all the information in the consoles so they would build a proper cert and import it. I was not getting proper errors from the console before so i suspect the previous install had issues.
the ui was useless for importing the csr even when every thing was correct. the exported part was usable though. I am left with 1 device that i have to generate every thing for it on a seperate system and then import it the exact directions are " Uploaded certificates must be in OpenSSL PEM format with an unencrypted private key." i have not had a chance to poke at that one yet and dont have much of an idea on how to do that properly.
Kendrick . via FreeIPA-users wrote:
due to all that has been going on it took a while to get back to this issue. it was multiple things happening at the same time. 1) firmware on one device needed to be updated to accept certs properly. 2) unknown lockup issues, I rebuilt the vm from scratch to re-verify results and it works fine now. 3) web interface stupidity which it does not give a proper error message. after trying them in the console i got errors like host name does not match or cert missing domain etc. after trying for some time i corrected all the information in the consoles so they would build a proper cert and import it. I was not getting proper errors from the console before so i suspect the previous install had issues.
the ui was useless for importing the csr even when every thing was correct. the exported part was usable though. I am left with 1 device that i have to generate every thing for it on a seperate system and then import it the exact directions are " Uploaded certificates must be in OpenSSL PEM format with an unencrypted private key." i have not had a chance to poke at that one yet and dont have much of an idea on how to do that properly.
Still at a loss for what it is you're working on, where the errors are coming from or what we can do to assist.
rob
freeipa-users@lists.fedorahosted.org