On 11/26/2013 09:17 AM, Andrew Lau wrote: > On Wed, Nov 27, 2013 at 12:58 AM, Rob Crittenden <rcrit...@redhat.com > <mailto:rcrit...@redhat.com>>wrote: > > Andrew Lau wrote: > > Hi, > > I've got an issue where I can't seem to remove a host from my > freeipa > install. It gives me an error: > > Certificate operation cannot be completed: EXCEPTION > (Certificate serial > number 0xfff0006 not found) > > I thought it might be a replica issue, so I forced sync and > also tried > re-initializing the replica but no luck. > > Any suggestions? > > > Deleting a host does a number of additional things: > - revokes the certificate for the host if it exists > - deletes the services for that host, revoking their certificates > as needed > > So in this case the host has a certificate associated with it and > revocation is failing because the CA doesn't have a record of this > certificate. > > If you can be sure that the certificate is not in the IPA CA you > can clear the value with: > > # ipa host-mod --certificate= test.example.com > <http://test.example.com> > > This passes an empty value to --certificate which results in > removing the value. Then you should be able to delete the host. > > rob > > > Thanks that worked. > > Andrew. > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users Adding solved tag to subj.
-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users