Petr Vobornik wrote:
On 09/21/2016 05:06 PM, Natxo Asenjo wrote:
hi Petr,
On Wed, Sep 21, 2016 at 4:38 PM, Petr Vobornik <[email protected]
<mailto:[email protected]>> wrote:
On 09/21/2016 10:50 AM, Natxo Asenjo wrote:
> When I try to resubmit certificates from certmonger they still hit the
kdc01 web
> server, so the requests hang on an status: CA_UNREACHABLE
> ca-error: Server failed request, will retry: 4301 (RPC failed at
server.
> Certificate operation cannot be completed: Failure decoding Certificate
Signing
> Request).
Where does it happen? On arbitrary client which was installed in a past
against the removed kdc01?
yes.
If so could you look into /etc/ipa/default.conf and change host option
from kdc01 to the 7.2 IPA sever?
ok, done.
In fact, change both the domain as the xmlrpc_uri directives in the global
section was necessary. Now It worked :-)
So, what should be the correct value for dns discovery for both directives using
dns discovery?
I don't think there is a support for DNS discovery in Certmonger. CCing Rob.
That is correct, it uses the value from the ipa config file.
rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
