The profile we use for service certificates is failing to be loaded by dogtag resulting in the error:
ipa: ERROR: Certificate operation cannot be completed: FAILURE (Profile caIPAserviceCert Not Found)
This is filed against dogtag in bug https://bugzilla.redhat.com/show_bug.cgi?id=675742
The problem is the profile is owned by root, not pkiuser. Not sure how this happened or what is changing the ownership but post-install chmod to pkiuser:pkiuser and restarting pki-cad fixes it.
attachment freeipa-rcrit-714-ownership.patch
master: 95b0563
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.0.1 RC (bug fixing)
Login to comment on this ticket.