On Tue, Aug 04, 2015 at 07:29:13AM -0700, Janelle wrote:
> Well, I am more used to working with openssl directly, so I am a little
> confused when using FreeIPA and certmonger. I assume that when a
> certificate is in this state:
> status: NEWLY_ADDED_NEED_KEYINFO_READ_PIN
> stuck: yes
> That it needs to be approved, but I am not sure where that is. I see all the
> "cert" commands, but don't see anything relating to approvals? Am I missing
> something obvious here?
That state means that certmonger went to use the private key (most often
for generating a signing request), but couldn't, either because the PIN
it was given can't be used to decrypt the private key, or because it's
having trouble reading the file in which it's been told the PIN is kept.
If there's a PIN file (the -p flag), check the SELinux labeling of the
file. Otherwise, check that the value that's specified (with the -P
flag) is correct -- if there isn't one, then there should be.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project