[Freeipa-users] [SOLVED] Re: Failed to remove host (Some entries were not deleted)
Dmitri Pal
dpal at redhat.com
Tue Nov 26 18:54:44 UTC 2013
On 11/26/2013 09:17 AM, Andrew Lau wrote:
> On Wed, Nov 27, 2013 at 12:58 AM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>>wrote:
>
> Andrew Lau wrote:
>
> Hi,
>
> I've got an issue where I can't seem to remove a host from my
> freeipa
> install. It gives me an error:
>
> Certificate operation cannot be completed: EXCEPTION
> (Certificate serial
> number 0xfff0006 not found)
>
> I thought it might be a replica issue, so I forced sync and
> also tried
> re-initializing the replica but no luck.
>
> Any suggestions?
>
>
> Deleting a host does a number of additional things:
> - revokes the certificate for the host if it exists
> - deletes the services for that host, revoking their certificates
> as needed
>
> So in this case the host has a certificate associated with it and
> revocation is failing because the CA doesn't have a record of this
> certificate.
>
> If you can be sure that the certificate is not in the IPA CA you
> can clear the value with:
>
> # ipa host-mod --certificate= test.example.com
> <http://test.example.com>
>
> This passes an empty value to --certificate which results in
> removing the value. Then you should be able to delete the host.
>
> rob
>
>
> Thanks that worked.
>
> Andrew.
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
Adding solved tag to subj.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20131126/fc075a90/attachment.htm>
More information about the Freeipa-users
mailing list