Hello all,
I finally got something working, and found something of a cause.
I replaced
policyset.serverCertSet.1.default.params.name=CN=$$request.req_subject_name.cn$$,
$SUBJECT_DN_O
with
policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$,
o=FAKEDOMAIN.LOCAL
imported the new profile, the error was gone and the certificate issued.
Some further investigation showed me it wasn't just right yet. I examed the
certificate and found this (removed the other parts of the certificate:
Authority Information Access:
OCSP - URI:http://$IPA_CA_RECORD.$DOMAIN/ca/ocsp
Full Name:
URI:http://$IPA_CA_RECORD.$DOMAIN/ipa/crl/MasterCRL.bin
So somehow the variables are not being processed. For now i just put the domain
name in the profile and it is working.
Does anyone have any idea why this is (not) happening? And how to fix it? For
now it is working but i would like the original profile working again.
Best regards,
Jochem Kuijpers
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
