<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> On 11/26/2013 09:17 AM, Andrew Lau wrote: <blockquote cite="mid:CAD7dF9dkBkhTLHM_F5Bcg4yZ3vyC_pzEysO2dSRVpoLPVVFpXg@mail.gmail.com" type="cite"> <div dir="ltr"> <div class="gmail_default" style="font-family:tahoma,sans-serif"><span style="font-family:arial">On Wed, Nov 27, 2013 at 12:58 AM, Rob Crittenden </span><span dir="ltr" style="font-family:arial"><<a moz-do-not-send="true" href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>></span><span style="font-family:arial"> wrote:</span><br> </div> <div class="gmail_extra"> <div class="gmail_quote"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div class="HOEnZb"> <div class="h5">Andrew Lau wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hi,<br> <br> I've got an issue where I can't seem to remove a host from my freeipa<br> install. It gives me an error:<br> <br> Certificate operation cannot be completed: EXCEPTION (Certificate serial<br> number 0xfff0006 not found)<br> <br> I thought it might be a replica issue, so I forced sync and also tried<br> re-initializing the replica but no luck.<br> <br> Any suggestions?<br> </blockquote> <br> </div> </div> Deleting a host does a number of additional things:<br> - revokes the certificate for the host if it exists<br> - deletes the services for that host, revoking their certificates as needed<br> <br> So in this case the host has a certificate associated with it and revocation is failing because the CA doesn't have a record of this certificate.<br> <br> If you can be sure that the certificate is not in the IPA CA you can clear the value with:<br> <br> # ipa host-mod --certificate= <a moz-do-not-send="true" href="http://test.example.com" target="_blank">test.example.com</a><br> <br> This passes an empty value to --certificate which results in removing the value. Then you should be able to delete the host.<span class="HOEnZb"><font color="#888888"><br> <br> rob<br> <br> </font></span></blockquote> </div> <br> </div> <div class="gmail_extra"> <div class="gmail_default" style="font-family:tahoma,sans-serif">Thanks that worked.</div> <div class="gmail_default" style="font-family:tahoma,sans-serif"> <br> </div> <div class="gmail_default" style="font-family:tahoma,sans-serif">Andrew.</div> <br> </div> </div> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> Adding solved tag to subj.<br> <br> <pre class="moz-signature" cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a> </pre> </body> </html>