Hi, CentOS 6.5.
I want to create a certificate request for our mysql servers. I came up with this command line:

    $ sudo /usr/bin/ipa-getcert request -r \
        -f /etc/pki/tls/certs/`hostname --fqdn`-mysql.crt \
        -k /etc/pki/tls/private/`hostname --fqdn`-mysql.key \
        -D `dnsdomainname` -U id-kp-serverAuth \
        -K mysql/`hostname --fqdn`
    New signing request "20140915132335" added.

But it gets rejected:

    Request ID '20140915132335':
        status: CA_REJECTED
        ca-error: Server denied our request, giving up: 2100 (RPC failed at server. Insufficient access: You need to be a member of the serviceadmin role to add services).
        stuck: yes
        key pair storage: type=FILE,location='/etc/pki/tls/private/hostname-mysql.key'
        certificate: type=FILE,location='/etc/pki/tls/certs/hostname-mysql.crt'
        CA: IPA
        issuer:
        subject:
        expires: unknown
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes

I think I have the serviceadmin role:

    $ ipa role-show "it specialist"
      Role name: IT Specialist
      Description: IT Specialist
      Member groups: admins
      Privileges: Host Administrators, Host Group Administrators, Service Administrators, Automount Administrators

The account is a member of group admins.

What am I doing wrong?

Thanks!

--
Regards,
natxo