Hello, I'm trying to import and use a certificate profile in IPAv4.2 on RHEL.

I've exported the default caIPAServiceCert profile and made the following modification:

< profileId=caIPAserviceCert --- > profileId=KPNWebhostingAEM 87c87 < policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=IPADOMAIN --- > policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, > OU=TESTAEM, O=IPADOMAIN

Profile
  Profile ID: KPNWebhostingAEM
  Profile description: KPN Webhosting AEM
  Store issued certificates: TRUE

CAACL
  ACL name: ING Intermediairs AEM Application Servers
  Enabled: TRUE
  Profiles: KPNWebhostingServiceCertAEM, KPNWebhostingAEM
  Host Groups: xxx_accp_applications, xxx_prod_applications

Trying to request a certificate for a server

ipa-getcert request -r -I mongo2 -f /etc/pki/tls/certs/host.crt -k /etc/pki/tls/certs/host.key -TKPNWebhostingAEM

Results in:

ipa-getcert list
Number of certificates and requests being tracked: 1.
Request ID 'mongo2':
        status: CA_UNREACHABLE
        ca-error: Server at https://pvlipa1001c.ipadomain/ipa/xml failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: FAILURE (Policy Set Not Found)).
        stuck: no
        key pair storage: type=FILE,location='/etc/pki/tls/certs/host.key'
        certificate: type=FILE,location='/etc/pki/tls/certs/host.crt'
        CA: IPA
        issuer:
        subject:
        expires: unknown
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes

Since the same setup was working to request certificates on my lab environment, I'm at a loss as to what is causing the error.

Kind regards,

Wouter Hummelink
Cloud Engineer
KPN IT Solutions
Platform Organisation Cloud Services
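
Review bot: in the 87c87 hunk the header says one line replaces one line, but the replacement value is shown split across two ">" lines, the first ending in "CN=$request.req_subject_name.cn$," and the second reading "OU=TESTAEM, O=IPADOMAIN". Please confirm that in the file that was imported the whole subject pattern sits on the single policyset.serverCertSet.1.default.params.name= line, and join it if the break is real, so the value reads CN=$request.req_subject_name.cn$, OU=TESTAEM, O=IPADOMAIN. The first hunk is also posted without its line-range header, so the position of the profileId change cannot be checked from the diff as shown; reposting the complete diff output would let both changes be verified against the exported caIPAserviceCert profile.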