Hi all,

I've been trying to work through the instructions at 
https://www.freeipa.org/page/Apache_SNI_With_Kerberos and have not been having 
much luck. I've followed the instructions there exactly, ending with the 
following command:

> ipa-getcert request -r -f /etc/httpd/certs/example.crt -k 
> /etc/httpd/certs/example.key -N CN=www.example.com -D www.example.com -K 
> HTTP/www.example.com

but I keep getting the following:

> ca-error: Server at https://ipa.example.com/ipa/xml denied our request, 
> giving up: 2100 (RPC failed at server.  Insufficient access: not allowed to 
> perform this command).

What's interesting is it creates the private key file but the certificate 
fails. I cannot find anything in the logs on either the ipa or the client 
machine that would indicate what that failure is.

Does anyone recognize this situation where the key file is created but the 
certificate is not created?

Thanks!

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to