Hello,
I'm trying to import and use a certificate profile in IPAv4.2 on RHEL.
I've exported the default caIPAServiceCert profile and made the following
modification:
< profileId=caIPAserviceCert
---
> profileId=KPNWebhostingAEM
87c87
<
policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$,
O=IPADOMAIN
---
> policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$,
> OU=TESTAEM, O=IPADOMAIN
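Review bot: the 87c87 hunk edits the value of `policyset.serverCertSet.1.default.params.name` but leaves the `serverCertSet` set name in the key untouched, and the other hunk only changes `profileId`, so nothing shown here renames or removes a policy set. Given the "Policy Set Not Found" failure reported further down, compare the profile as the server stored it (re-export with `ipa certprofile-show KPNWebhostingAEM --out <file>`) against the file that was imported, not only against the default profile. The first hunk is also missing its line-range header, and the 87c87 values are wrapped by the mail client; in the actual file each `params.name` value has to stay on a single line.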
Profile
Profile ID: KPNWebhostingAEM
Profile description: KPN Webhosting AEM
Store issued certificates: TRUE
CAACL
ACL name: ING Intermediairs AEM Application Servers
Enabled: TRUE
Profiles: KPNWebhostingServiceCertAEM, KPNWebhostingAEM
Host Groups: xxx_accp_applications, xxx_prod_applications
Trying to request a certificate for a server
ipa-getcert request -r -I mongo2 -f /etc/pki/tls/certs/host.crt -k /etc/pki/tls/certs/host.key -TKPNWebhostingAEM
Results in:
ipa-getcert list
Number of certificates and requests being tracked: 1.
Request ID 'mongo2':
status: CA_UNREACHABLE
ca-error: Server at https://pvlipa1001c.ipadomain/ipa/xml failed
request, will retry: 4301 (RPC failed at server. Certificate operation cannot
be completed: FAILURE (Policy Set Not Found)).
stuck: no
key pair storage: type=FILE,location='/etc/pki/tls/certs/host.key'
certificate: type=FILE,location='/etc/pki/tls/certs/host.crt'
CA: IPA
issuer:
subject:
expires: unknown
pre-save command:
post-save command:
track: yes
auto-renew: yes
Since the same setup was working to request certificates in my lab environment,
I'm at a loss as to what is causing the error.
Kind regards,
Wouter Hummelink
Cloud Engineer
KPN IT Solutions
Platform Organisation Cloud Services
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project