freeipa

#928 dogtag configuring IPA service cert profile failing

Closed: Fixed None Opened 13 years ago by rcritten.

The profile we use for service certificates is failing to be loaded by dogtag resulting in the error:

ipa cert-request --add --principal=HTTP/panther.example.com panther.csr

ipa: ERROR: Certificate operation cannot be completed: FAILURE (Profile
caIPAserviceCert Not Found)

This is filed against dogtag in bug https://bugzilla.redhat.com/show_bug.cgi?id=675742

The problem is the profile is owned by root, not pkiuser. Not sure how this happened or what is changing the ownership but post-install chmod to pkiuser:pkiuser and restarting pki-cad fixes it.

rcritten commented 13 years ago

attachment
freeipa-rcrit-714-ownership.patch

rcritten commented 13 years ago

master: 95b0563

Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.0.1 RC (bug fixing)

7 years ago

Metadata

Assignee

rcritten

Tags

None

Blocking

None

Depending on

None

Priority

critical

Milestone

FreeIPA 2.0.1 RC (bug fixing)

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=675742

tester

None

changelog

None

design

None

freeipa

Source Code

#928 dogtag configuring IPA service cert profile failing Closed: Fixed None Opened 13 years ago by rcritten.

ipa cert-request --add --principal=HTTP/panther.example.com panther.csr

Metadata

#928 dogtag configuring IPA service cert profile failing

Closed: Fixed None Opened 13 years ago by rcritten.