Refer the user to freeipa.org when something goes wrong in ipa-cacert-manage

https://fedorahosted.org/freeipa/ticket/4781 Reviewed-By: Martin Kosek <mkosek@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
author: Jan Cholasta <jcholast@redhat.com> 2014-12-09 12:47:58 +0000
committer: Jan Cholasta <jcholast@redhat.com> 2014-12-10 17:08:49 +0000
commit: 8f9c5988e2f370cef66a4cd7cf3d363f061a439c (patch)
tree: 08b0661e080ca566d8e84065b85c6d3d3be6b3a2 /ipaserver
parent: f7f3c83748b3b5d5d968cc3c72145f3c5f23cd8b (diff)
download: freeipa-8f9c5988e2f370cef66a4cd7cf3d363f061a439c.tar.gz
freeipa-8f9c5988e2f370cef66a4cd7cf3d363f061a439c.tar.xz
freeipa-8f9c5988e2f370cef66a4cd7cf3d363f061a439c.zip
1 files changed, 18 insertions, 5 deletions
diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py
index 8fda6a263..e07460169 100644
--- a/ipaserver/install/ipa_cacert_manage.py
+++ b/ipaserver/install/ipa_cacert_manage.py
@@ -221,12 +221,21 @@ class CACertManage(admintool.AdminTool):
             nss_cert = x509.load_certificate_from_file(cert_file.name)
             cert = nss_cert.der_data
             if nss_cert.subject != subject:
-                raise admintool.ScriptError("Subject name mismatch")
+                raise admintool.ScriptError(
+                    "Subject name mismatch (visit "
+                    "http://www.freeipa.org/page/Troubleshooting for "
+                    "troubleshooting guide)")
             if x509.get_der_subject(cert, x509.DER) != der_subject:
-                raise admintool.ScriptError("Subject name encoding mismatch")
+                raise admintool.ScriptError(
+                    "Subject name encoding mismatch (visit "
+                    "http://www.freeipa.org/page/Troubleshooting for "
+                    "troubleshooting guide)")
             #pylint: disable=E1101
             if nss_cert.subject_public_key_info.format() != pkinfo:
-                raise admintool.ScriptError("Subject public key info mismatch")
+                raise admintool.ScriptError(
+                    "Subject public key info mismatch (visit "
+                    "http://www.freeipa.org/page/Troubleshooting for "
+                    "troubleshooting guide)")
             #pylint: enable=E1101
         finally:
             del nss_cert
@@ -253,7 +262,9 @@ class CACertManage(admintool.AdminTool):
                 tmpdb.verify_ca_cert_validity('IPA CA')
             except ValueError, e:
                 raise admintool.ScriptError(
-                    "Not a valid CA certificate: %s" % e)
+                    "Not a valid CA certificate: %s (visit "
+                    "http://www.freeipa.org/page/Troubleshooting for "
+                    "troubleshooting guide)" % e)
 
             trust_chain = tmpdb.get_trust_chain('IPA CA')[:-1]
             for nickname in trust_chain:
@@ -340,7 +351,9 @@ class CACertManage(admintool.AdminTool):
                 tmpdb.verify_ca_cert_validity(nickname)
             except ValueError, e:
                 raise admintool.ScriptError(
-                    "Not a valid CA certificate: %s" % e)
+                    "Not a valid CA certificate: %s (visit "
+                    "http://www.freeipa.org/page/Troubleshooting for "
+                    "troubleshooting guide)" % e)
 
         trust_flags = options.trust_flags
         if ((set(trust_flags) - set(',CPTcgpuw')) or
author	Jan Cholasta <jcholast@redhat.com>	2014-12-09 12:47:58 +0000
committer	Jan Cholasta <jcholast@redhat.com>	2014-12-10 17:08:49 +0000
commit	8f9c5988e2f370cef66a4cd7cf3d363f061a439c (patch)
tree	08b0661e080ca566d8e84065b85c6d3d3be6b3a2 /ipaserver
parent	f7f3c83748b3b5d5d968cc3c72145f3c5f23cd8b (diff)
download	freeipa-8f9c5988e2f370cef66a4cd7cf3d363f061a439c.tar.gz freeipa-8f9c5988e2f370cef66a4cd7cf3d363f061a439c.tar.xz freeipa-8f9c5988e2f370cef66a4cd7cf3d363f061a439c.zip