On [Sat, 26.03.2016 03:26], Timothy Geier wrote:
  To follow up on this issue, we haven’t been able to get any further since
  last month due to the missing caServerCert profile..the configuration
  files /usr/share/pki/ca/profiles/ca/caServerCert.cfg
  and /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCert.cfg are present
  and are identical.   The pki-ca package
  passes rpm -V as well.   Are there any other troubleshooting steps we can

Can you please check if the profile is available in the LDAP trees:

# ldapsearch -LLLx -D "cn=Directory Manager" -W -b cn=certprofiles,cn=ca,$suffix
# ldapsearch -LLLx -D "cn=Directory Manager" -W -b ou=certificateProfiles,ou=ca,o=ipaca
If this is the case, please check if the profile is accessable by the

# kinit -kt /etc/krb5.keytab; klist; ipa certprofile-show caIPAserviceCert

I either suspect that the profiles have not been properly migrated to
the LDAP tree or that some ACIs are missing to allow access to the


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to