failed to sign: error enrolling certificate with Command.

[char-iot]

after the workaround from #25, I continued to test.

I would get an error with certificate request:

Failed to sign: error enrolling certificate with Command. Verify that the certificate template "template T" exists and that the certificate authority "template ca" (tca.test.intern) is configured correctly. Also verify that the metadata fields provided exist in Command.

when I go through the log there is another error:

ERROR   error enrolling certificate with Command. Verify that the certificate template "template T" exists and that the certificate authority "template ca" (tca.test.intern) is configured correctly. Also verify that the metadata fields provided exist in Command.  {"controller": "certificaterequest", "controllerGroup": "cert-manager.io", "controllerKind": "CertificateRequest", "CertificateRequest": {"name":"command-certificate-1","namespace":"cert-manager"}, "namespace": "cert-manager", "name": "command-certificate-1", "reconcileID": "43ba1dd7-a-a-a-a", "error": "Post \"https://pki.test.intern/KeyfactorAPI/Enrollment/CSR\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}

most bizzar part is, later when I check https://pki.test.intern/KeyfactorPortal/ Certificates were issued!

[char-iot]

@m8rmclaren I tried with another certificate template with metadata filled with default value. same error Failed to sign: error enrolling certificate with Command. Verify that the certificate template "template T" exists and that the certificate authority "template ca" (tca.test.intern) is configured correctly. and certificate is being generated periodically in command, which means template ca are all fine. if it's possible, could you fix this one first? this one doesn't have a workaround.

[char-iot]

@fiddlermikey @m8rmclaren @JDKeyfactor sorry to bother you again, but I'd really like this to work. Any glimpse of hope?

[m8rmclaren]

Hi @char-iot - Could you please provide me with the full log from the Command cert-manager Issuer pod? I'd like to know if the issue is still the REST client timing out when communicating with the connected Command platform.

[m8rmclaren]

Hi again @char-iot - I also want to point out that issues of this nature are best resolved by engaging your official Keyfactor Support Representative. Specifically, based on the error, it's evident that the problem could be network-related, not necessarily Command cert-manager Issuer-related.

context deadline exceeded (Client.Timeout exceeded while awaiting headers)

Your Keyfactor Support Representative will have more context on your Command deployment that might not be appropriate to share publically via a GitHub Issue.

[char-iot]

Hi again @m8rmclaren sorry for the delay. there's been a reorg in company. I submit a request#115034 on https://support.keyfactor.com/, would you be able and interested to support me/ us in a live debug session?

It doesn't seem to be network related, request made by ccmi arrives at our keyfactor command test server and certificates are being issued, it's the answer/ response not coming back from command to ccmi and because there is no answer or it times out, it assumes some error.