Report missing certificate in external trust chain

When ipa-server-install is called with an external CA, but the cert chain is
incomplete, the command exits with the following error:
ERROR CA certificate chain in <list of --external-cert-file> is incomplete

The fix adds in the log the name of the missing certificate:
ERROR    CA certificate chain in <list of --external-cert-file> is incomplete: missing certificate with subject '<dn of the missing certificate>'

https://fedorahosted.org/freeipa/ticket/5792

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Florence Blanc-Renaud 2016-05-30 14:27:01 +02:00 committed by Jan Cholasta
parent a76d4402a6
commit 517964f746

@ -1015,8 +1015,9 @@ def load_external_cert(files, subject_base):
break
else:
raise ScriptError(
"CA certificate chain in %s is incomplete" %
(", ".join(files)))
"CA certificate chain in %s is incomplete: "
"missing certificate with subject '%s'" %
(", ".join(files), issuer))
for nickname in trust_chain:
try:
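
Review bot: in the `raise ScriptError(...)` under `else:`, `issuer` is interpolated with a bare `%s`, so the subject shown to the administrator is whatever that object's string conversion produces. Please confirm that `issuer` at this point is the printable DN the commit message promises ('<dn of the missing certificate>') and not a raw or encoded name, and check the message with a subject containing non-ASCII characters, since the value comes from the user-supplied files and ends up in the installer log. Note also that the raise reports only the first gap found, so a chain missing more than one certificate will take several runs to diagnose; if that is intended, saying so in the message or the documentation for `--external-cert-file` would help. A test that feeds an incomplete chain and asserts on the new text would keep the wording from regressing.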