I've been trying to work through the instructions at
https://www.freeipa.org/page/Apache_SNI_With_Kerberos and have not been having
much luck. I've followed the instructions there exactly, ending with the
> ipa-getcert request -r -f /etc/httpd/certs/example.crt -k
> /etc/httpd/certs/example.key -N CN=www.example.com -D www.example.com -K
but I keep getting the following:
> ca-error: Server at https://ipa.example.com/ipa/xml denied our request,
> giving up: 2100 (RPC failed at server. Insufficient access: not allowed to
> perform this command).
What's interesting is it creates the private key file but the certificate
fails. I cannot find anything in the logs on either the ipa or the client
machine that would indicate what that failure is.
Does anyone recognize this situation where the key file is created but the
certificate is not created?
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project