On 08/04/2014 01:36 AM, Nordgren, Bryce L -FS wrote:
> Spoke too soon. I needed the following "extra" selinux policy module to make
> all the AVCs go away.
> BTW: the instructions on http://www.freeipa.org/page/PKI really only work if
> you leave the password blank when you create a new database with certutil.
> Otherwise, the "ipa-getcert request" command creates tracking requests which
> get stuck. Databases with passwords cause certmonger to error with a "Cert
> storage slot still needs user PIN to be set.." This took me a couple of hours
> to track down.
Hmm, sorry for incomplete instructions then. I updated the instructions to cope
with that situation better (details in
https://fedorahosted.org/freeipa/ticket/4466#comment:2). Please feel free to
report more findings or even better help us enhance the page even further :-)
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project