When I attempt to delete a host (non-ipa server host, just a client), I get the following error:
ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (403)
When I go to Authentication -> Certificates, I get this error:
An error has occurred (IPA Error 4301: CertificateOperationError)
I see this old thread: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
I tried the suggestions there, however I'm unable to make this work.
Certmonger is running, and not showing any errors. SSL Certs all show monitored, are not expired, and are not stuck. All IPA services are running.
IPA-healthcheck shows several errors regarding a 403 when connecting to the CA Rest API.
This is only a single-server install in my homelab, but rather than destroying it and starting over I'd really like to figure out what's up.
Russ Long via FreeIPA-users wrote:
> When I attempt to delete a host (non-ipa server host, just a client), I get the following error:
> ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (403)
> When I go to Authentication -> Certificates, I get this error:
> An error has occurred (IPA Error 4301: CertificateOperationError)
> I see this old thread: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
> I tried the suggestions there, however I'm unable to make this work.
> Certmonger is running, and not showing any errors. SSL Certs all show monitored, are not expired, and are not stuck. All IPA services are running.
> IPA-healthcheck shows several errors regarding a 403 when connecting to the CA Rest API.
> This is only a single-server install in my homelab, but rather than destroying it and starting over I'd really like to figure out what's up.
Check out this thread:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
rob
Thanks so much Rob, it was the secret mismatch. I swear I checked that, but must not have been paying attention.
Once the secrets in "/etc/pki/pki-tomcat/server.xml" and "/etc/httpd/conf.d/ipa-pki-proxy.conf" matched and the services were restarted, all is well now.
--Russ
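
Added example, not part of the thread or of FreeIPA's own code: a check for the secret mismatch described above that reports match, mismatch or missing without printing either secret. It assumes the secret is the `secret` (or older `requiredSecret`) attribute on the AJP `<Connector>` in server.xml and the `secret=` parameter on the `ajp://` proxy lines in ipa-pki-proxy.conf; the sample contents are constructed placeholders.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Paths named in the thread.
SERVER_XML = "/etc/pki/pki-tomcat/server.xml"
PROXY_CONF = "/etc/httpd/conf.d/ipa-pki-proxy.conf"

# Constructed sample content (placeholder secrets, not from a real system).
SAMPLE_XML = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"/>
  <Connector port="8009" protocol="AJP/1.3" address="localhost" secret="EXAMPLE-A"/>
</Service></Server>"""
SAMPLE_CONF = """# comment: ajp://localhost:8009 secret=IGNORED
<LocationMatch "^/ca/rest/">
    ProxyPassMatch ajp://localhost:8009 secret=EXAMPLE-B
</LocationMatch>"""

def tomcat_ajp_secrets(xml_text):
    """Secrets set on AJP <Connector> elements in server.xml."""
    found = set()
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if "AJP" in conn.get("protocol", ""):
            # Tomcat accepts `secret`; older releases used `requiredSecret`.
            for attr in ("secret", "requiredSecret"):
                if conn.get(attr):
                    found.add(conn.get(attr))
    return found

def proxy_ajp_secrets(conf_text):
    """Secrets passed on ajp:// proxy lines; None marks a line with no secret."""
    found = set()
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "ajp://" not in line:
            continue
        m = re.search(r"(?<!\S)secret=(\S+)", line)
        found.add(m.group(1).strip("\"'") if m else None)
    return found

def compare_ajp_secrets(xml_text, conf_text):
    """Return 'match', 'mismatch' or 'missing' without revealing any secret."""
    tomcat, proxy = tomcat_ajp_secrets(xml_text), proxy_ajp_secrets(conf_text)
    if not tomcat or not proxy or None in proxy:
        return "missing"
    return "match" if tomcat == proxy and len(tomcat) == 1 else "mismatch"

if __name__ == "__main__":
    with open(SERVER_XML) as x, open(PROXY_CONF) as c:
        result = compare_ajp_secrets(x.read(), c.read())
    print(f"AJP secret: {result}")
    sys.exit(0 if result == "match" else 1)
```

Run it as root on the IPA server, since both files are readable only by privileged accounts; the exit status is non-zero unless the secrets agree.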