ModioAB / caramel

Caramel is a CA Registry Manager
GNU Affero General Public License v3.0

Error requesting new cert #40

Open ooduor opened 8 years ago

ooduor commented 8 years ago

Apparently due to existing csr and key files.

[anthony@archilles request-certificate]$ ./request-cert ca.modio.se install.webapp
Key file install.webapp.key is valid; using it
Certificate signing request file install.webapp.csr is valid; using it
Starting new HTTPS connection (1): ca.modio.se
/usr/lib/python3.5/site-packages/urllib3/connection.py:266: SubjectAltNameWarning: Certificate for ca.modio.se has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
  SubjectAltNameWarning
CSR not posted; posting it
Request failed: {'title': 'Bad Request', 'status': 400, 'detail': "Bad subject: (('O', 'Modio Caramel Public'), ('OU', 'Caramel'), ('CN', 'install.webapp')) do not match (('ST', 'Östergötland'), ('L', 'Linköping'), ('O', 'Modio AB'))"}
Traceback (most recent call last):
  File "./request-cert", line 5, in <module>
    main()
  File "/opt/mapylons/caramel/request-certificate/caramelrequest/certificaterequest.py", line 226, in main
    CertificateRequest(server=server, client_id=client_id).perform()
  File "/opt/mapylons/caramel/request-certificate/caramelrequest/certificaterequest.py", line 36, in perform
    self.request_cert_from_server()
  File "/opt/mapylons/caramel/request-certificate/caramelrequest/certificaterequest.py", line 172, in request_cert_from_server
    response.raise_for_status()
  File "/usr/lib/python3.5/site-packages/requests/models.py", line 840, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://ca.modio.se/d9e0cc05c338b1b3a5be660f6cc74708c53b14c5e52a0aa92eab2770867ce27d

Spindel commented 8 years ago

The error here is that we're just raising the HTTPError.

The HTTPError from the server is completely valid & correct, request-cert should just be a tad nicer about what it does, and preferably helpfully suggest: "Delete your csr and start over"
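
Added example, not part of the thread and not Caramel's own code: one way a client could turn the 400 response shown in the report into an operator message instead of a traceback. The function name `explain_rejection`, the exit codes, and the assumption that the response body is JSON with `title` and `detail` keys (as the printed dict in the log suggests) are hypothetical.

```python
import json

# Constructed sample: the 400 body from the report above, re-encoded as JSON.
SAMPLE_BODY = json.dumps({
    "title": "Bad Request",
    "status": 400,
    "detail": "Bad subject: (('O', 'Modio Caramel Public'), ('OU', 'Caramel'), "
              "('CN', 'install.webapp')) do not match (('ST', 'Östergötland'), "
              "('L', 'Linköping'), ('O', 'Modio AB'))",
})


def _clean(value, default):
    """Stringify a server-supplied field and drop non-printable characters,
    so a response cannot inject terminal escape sequences or fake log lines."""
    text = default if value is None else str(value)
    return "".join(ch for ch in text if ch.isprintable())


def explain_rejection(status, body, csr_path):
    """Return (exit_code, message) for a CSR POST the server refused.

    Hypothetical helper: status is the HTTP status code, body the response
    text, csr_path the local CSR file that was posted.
    """
    try:
        problem = json.loads(body)
    except ValueError:
        problem = {}          # not JSON (e.g. a proxy error page)
    if not isinstance(problem, dict):
        problem = {}
    title = _clean(problem.get("title"), "Request failed")
    detail = _clean(problem.get("detail"), "no detail in response")
    lines = ["Server refused the CSR: {} {}: {}".format(status, title, detail)]
    if status == 400 and detail.startswith("Bad subject"):
        # The subject is fixed inside the CSR, so re-posting the same file
        # will keep failing; the remedy is to regenerate it.
        lines.append("{} carries a subject this CA does not accept. "
                     "Delete your csr and start over.".format(csr_path))
        return 2, "\n".join(lines)
    return 1, "\n".join(lines)


if __name__ == "__main__":
    print(explain_rejection(400, SAMPLE_BODY, "install.webapp.csr")[1])
```
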