On Mon, Sep 14, 2015 at 09:59:40AM +0200, Jan Pazdziora wrote:
> On Sat, Sep 12, 2015 at 03:14:35PM +0200, Natxo Asenjo wrote:
> > On Sat, Sep 12, 2015 at 12:18 PM, Natxo Asenjo <natxo.ase...@gmail.com>
> > wrote:
> > 
> > > on a centos 7.1 host when enrolling it with (among other) the switch
> > > --request-cert it does not create a host certificate for it. The host is
> > > properly joined but no certificate is present.
> > >
> > > In the ipaclient-install.log file I see this:
> > >
> > > 2015-09-12T09:34:02Z ERROR certmonger request for host certificate failed
> > 
> > it's not working when joining a centos 6.7 realm either, same error.
> 
> Also reproduced on RHEL 7.1 and RHEL 7.2 (to be). I've filed
> 
>       https://bugzilla.redhat.com/show_bug.cgi?id=1262718
> 
> now.
> 
> Thank you for bringing this to our attention.

It turns out it's wrong labeling of the /etc/ipa/nssdb directory that
the certificate should get stored in:

        https://bugzilla.redhat.com/show_bug.cgi?id=1262718#c7

Giving it cert_t should help this particular issue but we need to
investigate if it has the potential to break something else.

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
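
A way to confirm the labeling diagnosis above and stage the cert_t relabel for review, as an added example that is not part of the original message or of FreeIPA's own code. It assumes the failure appears as AVC denials in the audit log; the sample records (including the etc_t type) are constructed, and the helper names are hypothetical.

```bash
#!/bin/bash
# Added example. /etc/ipa/nssdb and cert_t come from the thread; the helper
# names and the sample audit records below are constructed for illustration.
NSSDB=/etc/ipa/nssdb
WANT_TYPE=cert_t

# Constructed records: one certmonger denial on nssdb, one unrelated denial.
SAMPLE_AUDIT='type=AVC msg=audit(1442050442.101:412): avc:  denied  { write } for  pid=2211 comm="certmonger" name="nssdb" dev="dm-0" ino=134563 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
type=AVC msg=audit(1442050450.007:413): avc:  denied  { read } for  pid=2300 comm="httpd" name="notes.txt" dev="dm-0" ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file'

# The type is the third field of user:role:type:level.
selinux_type() { printf '%s\n' "$1" | cut -d: -f3; }

# Succeeds when the given context already carries the wanted type.
label_ok() { [ "$(selinux_type "$1")" = "$WANT_TYPE" ]; }

# Reads audit records on stdin; prints "<permissions> <target type>" for each
# denial where certmonger was the process and the object is named nssdb.
certmonger_denials() {
    grep 'comm="certmonger"' | grep 'name="nssdb"' |
    sed -n 's/.*avc: *denied *{ *\([^}]*[^} ]\) *}.*tcontext=[^:]*:[^:]*:\([^: ]*\).*/\1 \2/p'
}

# Prints (does not run) the relabel commands, so they can be reviewed first.
relabel_plan() {
    printf "semanage fcontext -a -t %s '%s(/.*)?'\n" "$WANT_TYPE" "$NSSDB"
    printf 'restorecon -Rv %s\n' "$NSSDB"
}

# On an enrolled client: show the current label and the plan if it differs.
if [ -d "$NSSDB" ]; then
    ctx=$(stat -c %C "$NSSDB" 2>/dev/null || true)
    echo "current context: ${ctx:-unavailable}"
    if [ -n "$ctx" ] && ! label_ok "$ctx"; then relabel_plan; fi
fi

# Offline demonstration on the constructed records.
printf '%s\n' "$SAMPLE_AUDIT" | certmonger_denials
```

On a real client the records can come from `ausearch -m avc` piped into `certmonger_denials` instead of the sample variable.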
