On 06/02/2015 06:37 PM, Martin Basti wrote:
On 02/06/15 14:11, Fraser Tweedale wrote:
On Mon, Jun 01, 2015 at 05:22:28PM +1000, Fraser Tweedale wrote:
* Maybe I do everything wrong :)
I'm not able to create certificate stored in FILE, via ipa-getcert request.
I'm getting error:
ca-error: Server at https://vm-137.example.com/ipa/xml failed request,
will retry: 4001 (RPC failed at server. vm-137.example....@example.com: host
Request ID '20150602154115':
ca-error: Server at https://vm-137.example.com/ipa/xml denied our request,
giving up: 2100 (RPC failed at server. Insufficient access: not allowed to
perform this command).
(I'm root and kinited as admin)
Maybe additional ACI is required for cert_request as it is VirtualCommand
Note that even if you run ipa-getcert kinited as root/admin, it asks certmonger
to do that job and certmonger works as host/... principal.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code