Petr Vobornik wrote:
On 09/21/2016 05:06 PM, Natxo Asenjo wrote:
hi Petr,

On Wed, Sep 21, 2016 at 4:38 PM, Petr Vobornik <
<>> wrote:

     On 09/21/2016 10:50 AM, Natxo Asenjo wrote:

     > When I try to resubmit certificates from certmonger they still hit the 
kdc01 web
     > server, so the requests hang on an status: CA_UNREACHABLE
     >      ca-error: Server failed request, will retry: 4301 (RPC failed at 
     > Certificate operation cannot be completed: Failure decoding Certificate 
     > Request).

     Where does it happen? On arbitrary client which was installed in a past
     against the removed kdc01?


     If so could you look into /etc/ipa/default.conf and change host option
     from kdc01 to the 7.2 IPA sever?

ok, done.

In fact, change both the domain as the xmlrpc_uri directives in the global
section was necessary. Now It worked :-)

So, what should be the correct value for dns discovery for both directives using
dns discovery?

I don't think there is a support for DNS discovery in Certmonger. CCing Rob.

That is correct, it uses the value from the ipa config file.


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to