[Freeipa-users] ipa-getcert and SELinux

Martin Kosek mkosek at redhat.com
Wed Mar 9 15:03:55 UTC 2016


On 03/07/2016 10:03 PM, Thomas Raehalme wrote:
> Hi!
> 
> I have set up certificates for Puppet as described here:
> http://www.freeipa.org/page/Using_IPA's_CA_for_Puppet
> 
> Unfortunately SELinux is giving me a hard time when invoking "ipa-getcert
> request" to generate the private/public key for the Puppet agent
> (permission denied when trying to write the key pair to
> /var/lib/puppet/ssl).
> 
> Disabling SELinux temporarily solves the issue, but the same problem
> reappears when renewing the certificate (ipa-getcert reports status
> NEED_CERTSAVE_PERMS for the request).
> 
> What would be the proper way to enable the necessary permissions on SELinux?
> 
> Best regards,
> Thomas

Hi Thomas,

Just for the record, I moved the page to
http://www.freeipa.org/page/Howto/Using_IPA%27s_CA_for_Puppet
and linked it from
http://www.freeipa.org/page/HowTos#Certificates

I see there was a similar page in the past, now claimed as rather outdated:
http://jcape.name/2012/01/16/using-the-freeipa-pki-with-puppet/



