[Freeipa-users] Unable to get new certificates after upgrade
Alessandro De Maria
alessandro.demaria at gmail.com
Sat Feb 27 20:36:46 UTC 2016
Hello list,
I was running freeipa 4.1 on Centos 7.1.
I wanted to upgrade to freeipa 4.2.x to make use of user certificates.
Upgrade (through yum upgrade) went ok and I am now on version:
Name : ipa-server
Version : 4.2.0
Release : 15.el7_2.6
However I am unable to generate new certificates (this functionality was
working perfectly before)
When I use ipa-getcert request I get the following message (ipa-getcert
list)
*Failed request, will retry: 4001 (RPC failed at server. caIPAserviceCert:
Certificate Profile not found*
I read this blog:
https://blog-ftweedal.rhcloud.com/2015/08/user-certificates-and-custom-profiles-with-freeipa-4-2/
I tried the following:
$ ipa certprofile-show caIPAserviceCert
ipa: ERROR: caIPAserviceCert: Certificate Profile not found
So i tried to download *caIPAserviceCert* from this url and importing it:
$ wget
https://raw.githubusercontent.com/encukou/freeipa/master/install/share/profiles/caIPAserviceCert.cfg
$ ipa certprofile-import caIPAserviceCert --file caIPAserviceCert.cfg
--desc "Default certificates" --store TRUE
ipa: ERROR: Non-2xx response from CA REST API: 400 Bad Request. Profile
already exists
So I imported it with another profile name (caIPAserviceCert_new) and that
worked (I can see it from the web interface, but I cannot see caIPAserviceCert
there)
I tried to use:
ipa-getcert request -T caIPAserviceCert_new ... ... ...
and that still gives the the infamous message above:
*Failed request, will retry: 4001 (RPC failed at server. caIPAserviceCert:
Certificate Profile not found*
Could someone help me out please? I noticed that 4.2.3 is out with
important bug fixes, is there a repository out there with Centos rmps?
Regards
Alessandro
--
Alessandro De Maria
alessandro.demaria at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160227/ac8798b0/attachment.htm>
More information about the Freeipa-users
mailing list