On Wed, Nov 27, 2013 at 12:58 AM, Rob Crittenden <rcrit...@redhat.com>wrote:
> Andrew Lau wrote: > >> Hi, >> >> I've got an issue where I can't seem to remove a host from my freeipa >> install. It gives me an error: >> >> Certificate operation cannot be completed: EXCEPTION (Certificate serial >> number 0xfff0006 not found) >> >> I thought it might be a replica issue, so I forced sync and also tried >> re-initializing the replica but no luck. >> >> Any suggestions? >> > > Deleting a host does a number of additional things: > - revokes the certificate for the host if it exists > - deletes the services for that host, revoking their certificates as > needed > > So in this case the host has a certificate associated with it and > revocation is failing because the CA doesn't have a record of this > certificate. > > If you can be sure that the certificate is not in the IPA CA you can clear > the value with: > > # ipa host-mod --certificate= test.example.com > > This passes an empty value to --certificate which results in removing the > value. Then you should be able to delete the host. > > rob > > Thanks that worked. Andrew.
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users