We have a need where we want to allow a user to submit their own CSR to generate their own SSL certificate and to be able to download their own certificate.
I get the following error:
Insufficient access: Principal 'testplem@MGMT.EXAMPLE.COM' is not permitted to use CA 'ipa' with profile 'IECUserRoles' for certificate issuance.
Here are the permissions I have set up.
* Create a new Privilege called SelfService
* Add the following permissions to the SelfService Privilege
  * Request Certificate (FreeIPA builtin permission)
  * Retrieve Certificates from the CA (FreeIPA builtin permission)
  * UserSelfSerivceCertificate (custom permission)
  * ReadCAProfile (custom permission)
  * ReadIPACA (custom permission)
* Create Role called SelfService
  * Attach the SelfService Privilege to this Role
* I then attach that Role to a test user.
I am sure I am missing other permissions, but I am not sure what. If there is already documentation that explains how to do this, I am happy to reference that. If not, what else am I missing?