Forum Discussion

eoirgjuhs's avatar
eoirgjuhs
Copper Contributor
Aug 18, 2025

generateCsr.sh failing

Hi,

I'm trying to run ./generateCsr.sh to generate a CSR, but it is failing with the following errors:

 

[2025-08-18 09:27:23] [GENERATE-CSR-BASH-SCRIPT] - Executing docker command: docker exec MCC bash -lc "source /tls/call-csr-endpoint.sh 'RSA' '2048' 'srv1_csr_20250818_092719' '<SUBJECT>' '<SAN>'"
[2025-08-18 09:27:23] [GENERATE-CSR-BASH-SCRIPT] - bash: /root/.bash_profile: Permission denied

<snip>

[2025-08-18 09:27:25] [GENERATE-CSR-BASH-SCRIPT] - mkdir: cannot create directory '/keys': Permission denied
[2025-08-18 09:27:25] [GENERATE-CSR-BASH-SCRIPT] - chmod: cannot access '/keys': No such file or directory
[2025-08-18 09:27:25] [GENERATE-CSR-BASH-SCRIPT] - /tls/call-csr-endpoint.sh: line 159: netstat: command not found
[2025-08-18 09:27:25] [GENERATE-CSR-BASH-SCRIPT] - CSR script completed successfully

[2025-08-18 09:27:25] [GENERATE-CSR-BASH-SCRIPT] - windowsCerts directory does not exist, CSR generated directly in certs directory
[2025-08-18 09:27:25] [GENERATE-CSR-BASH-SCRIPT] - ERROR: CSR file not found at expected location: /var/mcc/certs/certs/srv1_csr_20250818_092719.csr

 

MCC software version 2.0.0.2112_e

I've tried both Ubuntu 24.04 and Alma Linux 8. No CSR is generated

Any ideas?

3 Replies

  • eoirgjuhs's avatar
    eoirgjuhs
    Copper Contributor
    Aug 26, 2025

    This appeared to be caused by a permission issue on the cache folder. After setting the permission to 777 on the cache folder and rerunning deploymcc.sh, the issue was resolved.

  • eoirgjuhs's avatar
    eoirgjuhs
    Copper Contributor
    Aug 20, 2025

    Hey, thanks for the response.

    1. gMSA is a group managed service account? I'm not using anything like that, I've installed it directly on a linux VM with a local user account
    2. I didn't see any errors, cache node is showing as healthy in the portal. I've also tried it twice with two different linux distros
  • bindumadhava's avatar
    bindumadhava
    Brass Contributor
    Aug 19, 2025

    hi 

     

    Two possibility that i can think of [what i had seen in my test]

    1. You are using gMSA which i think there is a open issue for cert generation
    2. Your Cache Node installation was not completely successful , may be during the last step after the waiting for 200 status code, it did not complete the TSL configuration. 

Resources