[Freeipa-users] ipa-client-install --request-cert fails
Jan Pazdziora
jpazdziora at redhat.com
Tue Sep 15 09:03:27 UTC 2015
On Mon, Sep 14, 2015 at 09:59:40AM +0200, Jan Pazdziora wrote:
> On Sat, Sep 12, 2015 at 03:14:35PM +0200, Natxo Asenjo wrote:
> > On Sat, Sep 12, 2015 at 12:18 PM, Natxo Asenjo <natxo.asenjo at gmail.com>
> > wrote:
> >
> > > on a a centos 7.1 host when enrolling it with (among other) the switch
> > > --request-cert it does not create a host certificate for it. The host is
> > > properly joined but not certificate is present.
> > >
> > > In the ipaclient-install.log file I see this:
> > >
> > > 2015-09-12T09:34:02Z ERROR certmonger request for host certificate failed
> >
> > it's not working when joining a centos 6.7 realm either, same error.
>
> Also reproduced on RHEL 7.1 and RHEL 7.2 (to be). I've filed
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1262718
>
> now.
>
> Thank you for bringing this to our attention.
It turns out it's wrong labeling if the /etc/ipa/nssdb directory that
the certificate should get stored in:
https://bugzilla.redhat.com/show_bug.cgi?id=1262718#c7
Giving it cert_t should help this particular issue but we need to
investigate if it has the potential to break something else.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
More information about the Freeipa-users
mailing list