On Wed, Dec 09, 2015 at 10:46:06AM +0000, [email protected] wrote: > Hello, > > Im trying to import and use a certificate profile in IPAv4.2 on RHEL. > > I've exported the default caIPAServiceCert profile and did the following > modification: > < profileId=caIPAserviceCert > --- > > profileId=KPNWebhostingAEM > 87c87 > < > policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, > O=IPADOMAIN > --- > > policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, > > OU=TESTAEM, O=IPADOMAIN > > Profile > Profile ID: KPNWebhostingAEM > Profile description: KPN Webhosting AEM > Store issued certificates: TRUE > > CAACL > ACL name: ING Intermediairs AEM Application Servers > Enabled: TRUE > Profiles: KPNWebhostingServiceCertAEM, KPNWebhostingAEM > Host Groups: xxx_accp_applications, xxx_prod_applications > > Trying to request a certificate for a server > ipa-getcert request -r -I mongo2 -f /etc/pki/tls/certs/host.crt -k > /etc/pki/tls/certs/host.key -TKPNWebhostingAEM > > Results in: > ipa-getcert list > Number of certificates and requests being tracked: 1. > Request ID 'mongo2': > status: CA_UNREACHABLE > ca-error: Server at https://pvlipa1001c.ipadomain/ipa/xml failed > request, will retry: 4301 (RPC failed at server. Certificate operation > cannot be completed: FAILURE (Policy Set Not Found)). > stuck: no > key pair storage: type=FILE,location='/etc/pki/tls/certs/host.key' > certificate: type=FILE,location='/etc/pki/tls/certs/host.crt' > CA: IPA > issuer: > subject: > expires: unknown > pre-save command: > post-save command: > track: yes > auto-renew: yes > > Since the same setup was working to request certificates on my lab > environment I'm at a loss what is causing the error. > > Met vriendelijke groet, > Hi Wouter,
I'm looking into this; stay tuned. Fraser > Wouter Hummelink > Cloud Engineer > [Description: Beschrijving: Beschrijving: cid:[email protected]] > KPN IT Solutions > Platform Organisation Cloud Services > Mail: [email protected]<mailto:[email protected]> > Telefoon: +31 (0)6 1288 2447 > [cid:[email protected]] > P Save Paper - Do you really need to print this e-mail? > ********************************************************************************************************************************************************* > KPN IT SOLUTIONS is de 'handelsnaam' voor KPN Corporate Market BV, > Handelsregister 52959597 Amsterdam > The information transmitted is intended only for use by the addressee and may > contain confidential and/or privileged material. > Any review, re-transmission, dissemination or other use of it, or the taking > of any action in reliance upon this information by persons > and/or entities other than the intended recipient is prohibited. If you > received this in error, please inform the sender and/or addressee immediately > and delete the material. Thank you. > ********************************************************************************************************************************************************* > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
