Better documentation of the profile format used in the certprofile plugin is needed.
[root@dhcp201-194 ~]# ipa certprofile-import TestcaUserCert1 --desc="TestcaUserCert1 profile Enrollment Profile" --store=False --file=/tmp/TestcaUserCert1.xml ipa: ERROR: invalid 'file': Profile ID is not present in profile data
Issue seen even in interactive mode: [root@dhcp201-194 ~]# ipa certprofile-import Profile ID: TestcaUserCert1 Profile description: Manual User Dual-Use Certificate Enrollment Store issued certificates [True]: False Filename: /tmp/x1.xml ipa: ERROR: invalid 'file': Profile ID is not present in profile data
I was able to add once i provided .cfg file (taken from template /var/lib/pki/pki-tomcatd/ca/profiles/ca
mkosek: problem in (2) is that XML profile was used and not the Dogtag standard profile (e.g. /usr/share/ipa/profiles/caIPAserviceCert.cfg). Maybe we should add better docs?
ftweedal: Yes, clearer doc is needed. I will file ticket.
Ticket is not finished yet, please don't close this ticket.
master:
ipa-4-2:
attachment freeipa-ftweedal-0031-certprofile-add-profile-format-explanation.patch
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1200694 (Red Hat Enterprise Linux 7)
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1252557
Metadata Update from @ftweedal: - Issue assigned to ftweedal - Issue set to the milestone: FreeIPA 4.2.1
Login to comment on this ticket.