[Freeipa-users] Failed to remove host (Some entries were not deleted)
Andrew Lau
andrew at andrewklau.com
Tue Nov 26 14:17:23 UTC 2013
On Wed, Nov 27, 2013 at 12:58 AM, Rob Crittenden <rcritten at redhat.com>wrote:
> Andrew Lau wrote:
>
>> Hi,
>>
>> I've got an issue where I can't seem to remove a host from my freeipa
>> install. It gives me an error:
>>
>> Certificate operation cannot be completed: EXCEPTION (Certificate serial
>> number 0xfff0006 not found)
>>
>> I thought it might be a replica issue, so I forced sync and also tried
>> re-initializing the replica but no luck.
>>
>> Any suggestions?
>>
>
> Deleting a host does a number of additional things:
> - revokes the certificate for the host if it exists
> - deletes the services for that host, revoking their certificates as
> needed
>
> So in this case the host has a certificate associated with it and
> revocation is failing because the CA doesn't have a record of this
> certificate.
>
> If you can be sure that the certificate is not in the IPA CA you can clear
> the value with:
>
> # ipa host-mod --certificate= test.example.com
>
> This passes an empty value to --certificate which results in removing the
> value. Then you should be able to delete the host.
>
> rob
>
>
Thanks that worked.
Andrew.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20131127/b9b9efdb/attachment.htm>
More information about the Freeipa-users
mailing list