Hello list, I was running freeipa 4.1 on Centos 7.1. I wanted to upgrade to freeipa 4.2.x to make use of user certificates.
Upgrade (through yum upgrade) went ok and I am now on version: Name : ipa-server Version : 4.2.0 Release : 15.el7_2.6 However I am unable to generate new certificates (this functionality was working perfectly before) When I use ipa-getcert request I get the following message (ipa-getcert list) *Failed request, will retry: 4001 (RPC failed at server. caIPAserviceCert: Certificate Profile not found* I read this blog: https://blog-ftweedal.rhcloud.com/2015/08/user-certificates-and-custom-profiles-with-freeipa-4-2/ I tried the following: $ ipa certprofile-show caIPAserviceCert ipa: ERROR: caIPAserviceCert: Certificate Profile not found So i tried to download *caIPAserviceCert* from this url and importing it: $ wget https://raw.githubusercontent.com/encukou/freeipa/master/install/share/profiles/caIPAserviceCert.cfg $ ipa certprofile-import caIPAserviceCert --file caIPAserviceCert.cfg --desc "Default certificates" --store TRUE ipa: ERROR: Non-2xx response from CA REST API: 400 Bad Request. Profile already exists So I imported it with another profile name (caIPAserviceCert_new) and that worked (I can see it from the web interface, but I cannot see caIPAserviceCert there) I tried to use: ipa-getcert request -T caIPAserviceCert_new ... ... ... and that still gives the the infamous message above: *Failed request, will retry: 4001 (RPC failed at server. caIPAserviceCert: Certificate Profile not found* Could someone help me out please? I noticed that 4.2.3 is out with important bug fixes, is there a repository out there with Centos rmps? Regards Alessandro -- Alessandro De Maria [email protected]
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
