https://bugzilla.redhat.com/show_bug.cgi?id=761574
Description of problem: After upgrading to ipa-server-2.1.3-9.el6.x86_64 on Dec I started receiving the error message, "Certificate operation cannot be completed: Unable to communicate with CMS (Unauthorized)" any time I tried to view a host in the web UI. This message is accompanied by the message, "[08/Dec/2011:10:55:25][TP-Processor3]: com.netscape.cms.servlet.filter.AgentRequestFilter: The scheme MUST be 'https', NOT 'http'!" in /var/log/pki-ca/debug each time it occurs. It is now impossible to view certificates issued to hosts in the Web UI. Any host with a cert installed is impossible to delete whether via the Web UI or CLI (same error messages.) ipa cert-show 1 gives the same error message, "ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (Unauthorized)" Version-Release number of selected component (if applicable): ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-client-2.1.3-9.el6.x86_64 ipa-server-selinux-2.1.3-9.el6.x86_64 libipa_hbac-python-1.5.1-66.el6.x86_64 ipa-pki-ca-theme-9.0.3-7.el6.noarch ipa-admintools-2.1.3-9.el6.x86_64 python-iniparse-0.3.1-2.1.el6.noarch ipa-python-2.1.3-9.el6.x86_64 ipa-server-2.1.3-9.el6.x86_64 Running the following restores functionality: yum downgrade ipa-server libipa_hbac libipa_hbac-python ipa-python ipa-client ipa-admintools ipa-server-selinux yum upgrade brings the error back. How reproducible: Always Steps to Reproduce: 1. Install IPA 2.0.0-23.el6_1.2 2. Configure IPA 3. Upgrade to RHEL 6.2 / IPA 2.1.3-9.el6 4. Restart IPA Actual results: CMS server becomes unavailable Expected results: CMS server remains available. Additional info: I actually had 2.1.1-4.el6 installed previous to 2.1.3-9, probably as part of the 6.2 Beta, but when I downgraded it did not look to be available any more and I got dropped to 2.0.0-23.el6_1.2. Could be related somehow, I guess.
attachment freeipa-rcrit-930-conflict.patch
The problem is that we now use mod_proxy again to do SSL work because we proxy for dogtag so we need a Conflicts on mod_ssl again.
Moving to next month iteration.
master: 915286f
ipa-2-2: bc5c268
The patch was reverted.
It is still fixed upstream.
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 3.0 Core Effort Remaining Work
Login to comment on this ticket.