Issue: Certificate Auto-enrollment #1305

@jp10jp

Is there an existing issue for this?

  • I have searched the existing issues and found none that matched mine

Describe the issue

Trying to execute a successful auto-enrollment. The error I see is "certmonger: Max tries exceeded with url [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: hostname mismatch". I see the root certs in both directories, /var/local/share/ca-certificates and /var/lib/adsys/certs, but the private key data certs in /var/lib/adsys/private/certs do not show. I run 'getcert list' and my number of certs and requests being tracked is 0. Wanted to know if anyone knows the fix?

Steps to reproduce it

  1. Installed packages of certmonger and python3-cepces
  2. Installed and Configured Certification Authority, Certificate Enrollment Policy Web Service, Certificate Enrollment Web Service, and Network Device Enrollment Service
  3. Enabled the policy of Certificate Services Client - Auto-enrollment Properties. Checked the boxes of both "renew expired certificates, update pending certificates, and remove revoked certificates" and "update certificates that use certificate templates".
  4. Enabled the policy of Certificate Services Client - Certificate Enrollment Policy.

Ubuntu users: System information

No response

Non Ubuntu users: System information

Environment

  • adsys version: please run `adsysctl version`
  • Distribution: (NAME in /etc/os-release)
  • Distribution version: (VERSION_ID on /etc/os-release):

Log files

Please redact/remove sensitive information:

adsys service logs can be acquired by running `adsysctl service cat -v`.
You can increase the amount of information displayed by increasing the verbosity level (-v) to -vv or -vvv.

Application settings

Please redact/remove sensitive information:

Paste the contents of your adsys.yaml file here, if you created one.

Additional information

No response

Double check your logs

  • I have redacted any sensitive information from the logs

Labels: bug (Something isn't working)
