Hello all, I finally got something working, and found something of a cause.
I replaced policyset.serverCertSet.1.default.params.name=CN=$$request.req_subject_name.cn$$, $SUBJECT_DN_O with policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, o=FAKEDOMAIN.LOCAL imported the new profile, the error was gone and the certificate issued. Some further investigation showed me it wasn't just right yet. I examed the certificate and found this (removed the other parts of the certificate: Authority Information Access: OCSP - URI:http://$IPA_CA_RECORD.$DOMAIN/ca/ocsp Full Name: URI:http://$IPA_CA_RECORD.$DOMAIN/ipa/crl/MasterCRL.bin So somehow the variables are not being processed. For now i just put the domain name in the profile and it is working. Does anyone have any idea why this is (not) happening? And how to fix it? For now it is working but i would like the original profile working again. Best regards, Jochem Kuijpers _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org