openSUSE/cepces

cepces.conf.dist: server should be pointed to actual CEP host

definite opened this issue · 0 comments

Currently cepces.conf.dist looks like:

```
[global]
# Hostname of the issuing certification authority. This is an optional setting
# and is only used to construct the URL to the Policy Provider endpoint.
#
# Default: ca
server=ca
```

The default ca will not work unless you configure it in /etc/hosts.

Traceback when using ca:

```
Jun 14 16:35:02 host.example.com certmonger[134817]: During handling of the above exception, another exception occurred:
Jun 14 16:35:02 host.example.com certmonger[134817]: Traceback (most recent call last):
Jun 14 16:35:02 host.example.com certmonger[134817]:   File "/usr/libexec/certmonger/cepces-submit", line 65, in main
Jun 14 16:35:02 host.example.com certmonger[134817]:     service = Service(config)
Jun 14 16:35:02 host.example.com certmonger[134817]:   File "/usr/lib/python3.6/site-packages/cepces/core.py", line 90, in __init__
Jun 14 16:35:02 host.example.com certmonger[134817]:     self._policies = self._xcep.get_policies()
Jun 14 16:35:02 host.example.com certmonger[134817]:   File "/usr/lib/python3.6/site-packages/cepces/xcep/service.py", line 52, in get_policies
Jun 14 16:35:02 host.example.com certmonger[134817]:     response = self.send(envelope)
Jun 14 16:35:02 host.example.com certmonger[134817]:   File "/usr/lib/python3.6/site-packages/cepces/soap/service.py", line 87, in send
Jun 14 16:35:02 host.example.com certmonger[134817]:     auth=self._auth.transport)
Jun 14 16:35:02 host.example.com certmonger[134817]:   File "/usr/lib/python3.6/site-packages/requests/api.py", line 116, in post
Jun 14 16:35:02 host.example.com certmonger[134817]:     return request('post', url, data=data, json=json, **kwargs)
Jun 14 16:35:02 host.example.com certmonger[134817]:   File "/usr/lib/python3.6/site-packages/requests/api.py", line 60, in request
Jun 14 16:35:02 host.example.com certmonger[134817]:     return session.request(method=method, url=url, **kwargs)
Jun 14 16:35:02 host.example.com certmonger[134817]:   File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in request
Jun 14 16:35:02 host.example.com certmonger[134817]:     resp = self.send(prep, **send_kwargs)
Jun 14 16:35:02 host.example.com certmonger[134817]:   File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 646, in send
Jun 14 16:35:02 host.example.com certmonger[134817]:     r = adapter.send(request, **kwargs)
Jun 14 16:35:02 host.example.com certmonger[134817]:   File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 516, in send
Jun 14 16:35:02 host.example.com certmonger[134817]:     raise ConnectionError(e, request=request)
Jun 14 16:35:02 host.example.com certmonger[134817]: requests.exceptions.ConnectionError: HTTPSConnectionPool(host='ca', port=443): Max retries exceeded with url: /ADPolicyProvider_CEP_Kerberos/service.svc/CEP (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f4a416a1a20>: Failed to establish a new connection: [Errno -2] Name or service not known',))
```

I suggest the following change:

```
# Hostname of the Certificate Enrollment Policy (CEP) Server.
# Used to construct the URL to the CEP endpoint.
#
# Default: ca
server=ca
```
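
A pre-flight check for the failure reported above, as an added example that is not part of the original issue or of cepces itself. It reads the `[global]` `server` value, builds the CEP URL seen in the traceback, and reports an unqualified or unresolvable host before certmonger is asked to enroll. The function name, the URL template and the `cep.example.com` sample are assumptions.

```python
import configparser
import socket

# Endpoint path copied from the traceback on this page. Joining it to
# "server" this way is an assumption about how cepces builds the URL.
CEP_PATH = "/ADPolicyProvider_CEP_Kerberos/service.svc/CEP"


def check_cep_server(conf_text, resolve=socket.getaddrinfo):
    """Return (url, problems) for the [global] server setting.

    `resolve` is injectable so the check can be exercised without DNS.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    # "ca" is the documented default when the key is absent.
    server = parser.get("global", "server", fallback="ca").strip()
    url = "https://{}{}".format(server, CEP_PATH)

    problems = []
    if "." not in server:
        problems.append(
            "'{}' is a single-label name; it only resolves through "
            "/etc/hosts or a DNS search domain".format(server))
    try:
        resolve(server, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        problems.append("cannot resolve '{}': {}".format(server, exc))
    return url, problems


# Constructed sample input: the shipped default and a hypothetical site value.
DIST_DEFAULT = "[global]\n# Default: ca\nserver=ca\n"
SITE_CONFIG = "[global]\nserver=cep.example.com\n"

if __name__ == "__main__":
    for text in (DIST_DEFAULT, SITE_CONFIG):
        url, problems = check_cep_server(text)
        print(url)
        for problem in problems:
            print("  WARNING:", problem)
```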