https://bugzilla.redhat.com/show_bug.cgi?id=818714 (Red Hat Enterprise Linux 6)
Description of problem:
In the UI for Hosts and services, it provides instructions to generate a cert. Following the steps throws an error:

    Certificate operation cannot be completed: unknown(3) (Request Rejected - Key Parameters 1024,2048,3072,4096 Not Matched)

The size of the private key, by default is 512. If a size of 1024 is specified, can generate a valid cert. So steps taken were:

    # openssl genrsa -out key.pem 1024
    Generating RSA private key, 1024 bit long modulus
    .........++++++
    .............++++++
    e is 65537 (0x10001)
    [root@qe-blade-01 nk]# openssl req -new -key key.pem -subj '/O=TESTRELM.COM/CN=qq.testrelm.com' -out cert.csr

Also - instead of using openssl, can the steps indicate using certutil, so that we use the nss db?

Version-Release number of selected component (if applicable):
ipa-server-2.2.0-12.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Add a Host or Service
2. Edit it
3. Click on 'New Certificate' for Host or Service
4. Follow instructions provided to get a cert
5. Click Issue

Actual results:
error thrown: Certificate operation cannot be completed: unknown(3) (Request Rejected - Key Parameters 1024,2048,3072,4096 Not Matched)

Expected results:
new cert should be issued

Additional info:
Drop openssl instructions and replace with instructions to use certutil.
master: 4640f95
Metadata Update from @mkosek: - Issue assigned to pvoborni - Issue set to the milestone: FreeIPA 3.0 Core Effort - 2012/05
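An added example, not part of the ticket or of FreeIPA's code: a pre-submission check that reads the RSA modulus size out of a PKCS#10 request and compares it with the key sizes named in the rejection message above, so an undersized key is caught before the request reaches the CA. The function names and the sample_csr builder (an unsigned, constructed request skeleton with a dummy modulus) are assumptions made for illustration.

```python
import base64

# Key sizes listed in the rejection message quoted in this ticket.
ALLOWED_BITS = {1024, 2048, 3072, 4096}
RSA_ALG = bytes.fromhex("06092a864886f70d0101010500")  # rsaEncryption OID + NULL

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def children(buf, start, end):
    """List the elements directly inside buf[start:end]."""
    out = []
    while start < end:
        out.append(read_tlv(buf, start))
        start = out[-1][2]
    return out

def csr_rsa_bits(der):
    """Modulus size in bits of the RSA key carried by a DER PKCS#10 request."""
    _, s, e = read_tlv(der, 0)           # CertificationRequest
    _, s, e = children(der, s, e)[0]     # CertificationRequestInfo
    _, s, e = children(der, s, e)[2]     # subjectPKInfo, after version and subject
    _, s, e = children(der, s, e)[1]     # subjectPublicKey BIT STRING
    _, s, e = read_tlv(der, s + 1)       # skip unused-bits byte, enter RSAPublicKey
    _, s, e = children(der, s, e)[0]     # modulus INTEGER
    return int.from_bytes(der[s:e], "big").bit_length()

def pem_to_der(pem):
    body = [l for l in pem.splitlines() if l and not l.startswith("-----")]
    return base64.b64decode("".join(body))

def check_csr(der):
    bits = csr_rsa_bits(der)
    return bits, bits in ALLOWED_BITS

def enc(tag, content):                   # minimal DER encoder for the sample only
    n, nb = len(content), (len(content).bit_length() + 7) // 8
    hdr = bytes([n]) if n < 0x80 else bytes([0x80 | nb]) + n.to_bytes(nb, "big")
    return bytes([tag]) + hdr + content

def sample_csr(bits):
    """Constructed, unsigned request skeleton with a dummy modulus of `bits` bits."""
    mod = enc(0x02, b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big"))
    key = enc(0x30, mod + enc(0x02, b"\x01\x00\x01"))
    spki = enc(0x30, enc(0x30, RSA_ALG) + enc(0x03, b"\x00" + key))
    info = enc(0x30, enc(0x02, b"\x00") + enc(0x30, b"") + spki + enc(0xA0, b""))
    return enc(0x30, info + enc(0x30, RSA_ALG) + enc(0x03, b"\x00"))
```

For a request file such as the cert.csr from the report, check_csr(pem_to_der(open("cert.csr").read())) returns the key size and whether it is in the accepted set.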