On 06/02/2015 06:37 PM, Martin Basti wrote:
On 02/06/15 14:11, Fraser Tweedale wrote:
On Mon, Jun 01, 2015 at 05:22:28PM +1000, Fraser Tweedale wrote:
...
4)
* Maybe I do everything wrong :)

  I'm not able to create certificate stored in FILE, via ipa-getcert request.
I'm getting error:
status: CA_UNREACHABLE
     ca-error: Server at https://vm-137.example.com/ipa/xml failed request,
will retry: 4001 (RPC failed at server. vm-137.example....@example.com: host
not found).

or error:
Request ID '20150602154115':
     status: CA_REJECTED
     ca-error: Server at https://vm-137.example.com/ipa/xml denied our request,
giving up: 2100 (RPC failed at server.  Insufficient access: not allowed to
perform this command).
(I'm root and kinited as admin)

Maybe additional ACI is required for cert_request as it is VirtualCommand

Note that even if you run ipa-getcert kinited as root/admin, it asks certmonger to do that job and certmonger works as host/... principal.

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to