Andrew Lau wrote:
Hi,
I've got an issue where I can't seem to remove a host from my freeipa
install. It gives me an error:
Certificate operation cannot be completed: EXCEPTION (Certificate serial
number 0xfff0006 not found)
I thought it might be a replica issue, so I forced sync and also tried
re-initializing the replica but no luck.
Any suggestions?
Deleting a host does a number of additional things:
- revokes the certificate for the host if it exists
- deletes the services for that host, revoking their certificates as
needed
So in this case the host has a certificate associated with it and
revocation is failing because the CA doesn't have a record of this
certificate.
If you can be sure that the certificate is not in the IPA CA you can
clear the value with:
# ipa host-mod --certificate= test.example.com
This passes an empty value to --certificate which results in removing
the value. Then you should be able to delete the host.
rob
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users