From 675251b626028e8eb9b869ba661f919cec16da3c Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Tue, 9 Dec 2014 12:47:58 +0000 Subject: [PATCH] Refer the user to freeipa.org when something goes wrong in ipa-cacert-manage https://fedorahosted.org/freeipa/ticket/4781 Reviewed-By: Martin Kosek Reviewed-By: Martin Basti --- ipaserver/install/ipa_cacert_manage.py | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py index 8fda6a263454e8a4046baa1da069cdcddeb177a9..e074601692207253671ad4be6bca35458793625e 100644 --- a/ipaserver/install/ipa_cacert_manage.py +++ b/ipaserver/install/ipa_cacert_manage.py @@ -221,12 +221,21 @@ class CACertManage(admintool.AdminTool): nss_cert = x509.load_certificate_from_file(cert_file.name) cert = nss_cert.der_data if nss_cert.subject != subject: - raise admintool.ScriptError("Subject name mismatch") + raise admintool.ScriptError( + "Subject name mismatch (visit " + "http://www.freeipa.org/page/Troubleshooting for " + "troubleshooting guide)") if x509.get_der_subject(cert, x509.DER) != der_subject: - raise admintool.ScriptError("Subject name encoding mismatch") + raise admintool.ScriptError( + "Subject name encoding mismatch (visit " + "http://www.freeipa.org/page/Troubleshooting for " + "troubleshooting guide)") #pylint: disable=E1101 if nss_cert.subject_public_key_info.format() != pkinfo: - raise admintool.ScriptError("Subject public key info mismatch") + raise admintool.ScriptError( + "Subject public key info mismatch (visit " + "http://www.freeipa.org/page/Troubleshooting for " + "troubleshooting guide)") #pylint: enable=E1101 finally: del nss_cert @@ -253,7 +262,9 @@ class CACertManage(admintool.AdminTool): tmpdb.verify_ca_cert_validity('IPA CA') except ValueError, e: raise admintool.ScriptError( - "Not a valid CA certificate: %s" % e) + "Not a valid CA certificate: %s (visit " + "http://www.freeipa.org/page/Troubleshooting for " + "troubleshooting guide)" % e) trust_chain = tmpdb.get_trust_chain('IPA CA')[:-1] for nickname in trust_chain: @@ -340,7 +351,9 @@ class CACertManage(admintool.AdminTool): tmpdb.verify_ca_cert_validity(nickname) except ValueError, e: raise admintool.ScriptError( - "Not a valid CA certificate: %s" % e) + "Not a valid CA certificate: %s (visit " + "http://www.freeipa.org/page/Troubleshooting for " + "troubleshooting guide)" % e) trust_flags = options.trust_flags if ((set(trust_flags) - set(',CPTcgpuw')) or -- 2.1.0