On Mon, Sep 14, 2015 at 09:59:40AM +0200, Jan Pazdziora wrote:
> On Sat, Sep 12, 2015 at 03:14:35PM +0200, Natxo Asenjo wrote:
> > On Sat, Sep 12, 2015 at 12:18 PM, Natxo Asenjo <[email protected]>
> > wrote:
> >
> > > on a a centos 7.1 host when enrolling it with (among other) the switch
> > > --request-cert it does not create a host certificate for it. The host is
> > > properly joined but not certificate is present.
> > >
> > > In the ipaclient-install.log file I see this:
> > >
> > > 2015-09-12T09:34:02Z ERROR certmonger request for host certificate failed
> >
> > it's not working when joining a centos 6.7 realm either, same error.
>
> Also reproduced on RHEL 7.1 and RHEL 7.2 (to be). I've filed
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1262718
>
> now.
>
> Thank you for bringing this to our attention.
It turns out it's wrong labeling if the /etc/ipa/nssdb directory that
the certificate should get stored in:
https://bugzilla.redhat.com/show_bug.cgi?id=1262718#c7
Giving it cert_t should help this particular issue but we need to
investigate if it has the potential to break something else.
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
