Hi all, I've been trying to work through the instructions at https://www.freeipa.org/page/Apache_SNI_With_Kerberos and have not been having much luck. I've followed the instructions there exactly, ending with the following command:
> ipa-getcert request -r -f /etc/httpd/certs/example.crt -k > /etc/httpd/certs/example.key -N CN=www.example.com -D www.example.com -K > HTTP/www.example.com but I keep getting the following: > ca-error: Server at https://ipa.example.com/ipa/xml denied our request, > giving up: 2100 (RPC failed at server. Insufficient access: not allowed to > perform this command). What's interesting is it creates the private key file but the certificate fails. I cannot find anything in the logs on either the ipa or the client machine that would indicate what that failure is. Does anyone recognize this situation where the key file is created but the certificate is not created? Thanks! -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
