<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 11/26/2013 09:17 AM, Andrew Lau wrote:
<blockquote
cite="mid:CAD7dF9dkBkhTLHM_F5Bcg4yZ3vyC_pzEysO2dSRVpoLPVVFpXg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-family:tahoma,sans-serif"><span
style="font-family:arial">On Wed, Nov 27, 2013 at 12:58 AM,
Rob Crittenden </span><span dir="ltr"
style="font-family:arial"><<a moz-do-not-send="true"
href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>></span><span
style="font-family:arial"> wrote:</span><br>
</div>
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="HOEnZb">
<div class="h5">Andrew Lau wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
I've got an issue where I can't seem to remove a
host from my freeipa<br>
install. It gives me an error:<br>
<br>
Certificate operation cannot be completed: EXCEPTION
(Certificate serial<br>
number 0xfff0006 not found)<br>
<br>
I thought it might be a replica issue, so I forced
sync and also tried<br>
re-initializing the replica but no luck.<br>
<br>
Any suggestions?<br>
</blockquote>
<br>
</div>
</div>
Deleting a host does a number of additional things:<br>
- revokes the certificate for the host if it exists<br>
- deletes the services for that host, revoking their
certificates as needed<br>
<br>
So in this case the host has a certificate associated with
it and revocation is failing because the CA doesn't have a
record of this certificate.<br>
<br>
If you can be sure that the certificate is not in the IPA
CA you can clear the value with:<br>
<br>
# ipa host-mod --certificate= <a moz-do-not-send="true"
href="http://test.example.com" target="_blank">test.example.com</a><br>
<br>
This passes an empty value to --certificate which results
in removing the value. Then you should be able to delete
the host.<span class="HOEnZb"><font color="#888888"><br>
<br>
rob<br>
<br>
</font></span></blockquote>
</div>
<br>
</div>
<div class="gmail_extra">
<div class="gmail_default"
style="font-family:tahoma,sans-serif">Thanks that worked.</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif">
<br>
</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif">Andrew.</div>
<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
Adding solved tag to subj.<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>