Hi,

I need to create a new certificate for my Asus router. The router is not
part of the FreeIPA domain, so I need to manually update the certificate when it
expires.

getcert request -k /etc/pki/router_private -f /etc/pki/router_cert \
    -D router.my.lan -N "cn=router.my.lan" -K http/router.my.lan -c IPA

Then getcert list shows this:

Request ID '20170722085458':
	status: CA_REJECTED
	ca-error: Server at https://ipa.my.lan/ipa/xml denied our request, giving
	up: 2100 (RPC failed at server.  Insufficient access: Insufficient 'write'
	privilege to the 'userCertificate' attribute of entry
	'krbprincipalname=HTTP/router.my....@my.lan,cn=services,cn=
	accounts,dc=my,dc=lan'.).
	stuck: yes
	key pair storage: type=FILE,location='/etc/pki/router_private'
	certificate: type=FILE,location='/etc/pki/router_cert'
	CA: IPA
	issuer:
	subject:
	expires: unknown
	pre-save command:
	post-save command:
	track: yes
	auto-renew: yes


I then removed the existing HTTP/router.my.lan principal but then I get:

ca-error: Server at https://ipa.win.lan/ipa/xml denied our request, giving
up: 2100 (RPC failed at server.  Insufficient access: Insufficient 'add'
privilege to add the entry 'krbprincipalname=http/router.my....@my.lan
,cn=services,cn=accounts,dc=my,dc=lan'.).

Any hints on how I create the certificate?

-- john
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org