this is exactly what I tried before and the puppet agent complaint that it
could not find the CA his certificate was signed with. This is a limitation in
puppet.
Rob's answer worked for me around the puppet limitation. Any reason why I would
not want add the sub-ca certificate into the manage c
The client is joined to the IPA domain and gets a certificate from the
sub-ca `puppet` with `ipa-getcert request -x puppet`. In order to have the
puppet agent to be able to talk to puppet server I need the puppet sub-ca
certificate.
How can I distribute the sub-ca certificate to the client? Runni
I know this is an old thread but I'm just posting this for someone who comes
along the same issue like me...
In order to fix my problem I had to do the following to fix for example the
'ocspSigningCert cert-pki-ca' certificate renewing with wrong subjects:
Find the Serial number for that certif
I'm getting the same problem. Did you find a solution? I cannot get my
certificates renew with the wright subject. It always adding the hostname of a
deleted replica into 'cert_subject_der'.
Thanks,
Jakob
___
FreeIPA-users mailing list -- freeipa-user
