On Wed, Dec 09, 2015 at 10:46:06AM +0000, wouter.hummel...@kpn.com wrote:
> Hello,
> 
> I'm trying to import and use a certificate profile in IPAv4.2 on RHEL.
> 
> I've exported the default caIPAServiceCert profile and made the following 
> modification:
> < profileId=caIPAserviceCert
> ---
> > profileId=KPNWebhostingAEM
> 87c87
> < 
> policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$,
>  O=IPADOMAIN
> ---
> > policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$,
> >  OU=TESTAEM, O=IPADOMAIN
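
Review bot: In the 87c87 hunk, both the old and the new `policyset.serverCertSet.1.default.params.name` values are shown broken after `cn$,` with the remainder (` OU=TESTAEM, O=IPADOMAIN`) on the following line. A profile configuration file is read as one key=value pair per line, so the whole subject pattern has to sit on a single line in the file that gets imported; confirm the break comes from mail wrapping and is not present in the edited file.
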
> 
> Profile
>   Profile ID: KPNWebhostingAEM
>   Profile description: KPN Webhosting AEM
>   Store issued certificates: TRUE
> 
> CAACL
>   ACL name: ING Intermediairs AEM Application Servers
>   Enabled: TRUE
>   Profiles: KPNWebhostingServiceCertAEM, KPNWebhostingAEM
>   Host Groups: xxx_accp_applications, xxx_prod_applications
> 
> Trying to request a certificate for a server
> ipa-getcert request -r -I mongo2 -f /etc/pki/tls/certs/host.crt -k /etc/pki/tls/certs/host.key -TKPNWebhostingAEM
> 
> Results in:
> ipa-getcert list
> Number of certificates and requests being tracked: 1.
> Request ID 'mongo2':
>         status: CA_UNREACHABLE
>         ca-error: Server at https://pvlipa1001c.ipadomain/ipa/xml failed request, will retry: 4301 (RPC failed at server.  Certificate operation cannot be completed: FAILURE (Policy Set Not Found)).
>         stuck: no
>         key pair storage: type=FILE,location='/etc/pki/tls/certs/host.key'
>         certificate: type=FILE,location='/etc/pki/tls/certs/host.crt'
>         CA: IPA
>         issuer:
>         subject:
>         expires: unknown
>         pre-save command:
>         post-save command:
>         track: yes
>         auto-renew: yes
> 
> Since the same setup was working to request certificates on my lab 
> environment I'm at a loss what is causing the error.
> 
> Kind regards,
> 
Hi Wouter,

I'm looking into this; stay tuned.

Fraser

> Wouter Hummelink
> Cloud Engineer
> KPN IT Solutions
> Platform Organisation Cloud Services
> Mail: wouter.hummel...@kpn.com
> Phone: +31 (0)6 1288 2447
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
