certmonger service fails to automatically renew IdM subsystem certificates due to insufficient write privilege

Solution Verified - Updated -

Issue

  • When the certmonger service attempts to automatically renew the internal Identity Management (IdM) subsystem certificates, errors similar to the following are visible in /var/log/messages:
Oct 28 15:17:55 ipa01 python: Updating renewal certificate failed: Insufficient access: Insufficient 'add' privilege to add the entry 'cn=auditSigningCert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com'.

Oct 28 15:18:35 ipa01 python: Updating renewal certificate failed: Insufficient access: Insufficient 'add' privilege to add the entry 'cn=subsystemCert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com'.
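An added triage example (not part of the original article): Python that scans syslog text for the renewal failures quoted above and reports which certificate nicknames were refused, and under which directory container. The function names and the cron line in the sample are constructed for illustration, and the parser assumes certificate nicknames contain no commas.

```python
import re

# The two messages quoted in the Issue section, plus one constructed
# unrelated line to show that other syslog traffic is ignored.
SAMPLE_LOG = """\
Oct 28 15:17:55 ipa01 python: Updating renewal certificate failed: Insufficient access: Insufficient 'add' privilege to add the entry 'cn=auditSigningCert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com'.
Oct 28 15:18:01 ipa01 crond[2211]: (root) CMD (run-parts /etc/cron.hourly)
Oct 28 15:18:35 ipa01 python: Updating renewal certificate failed: Insufficient access: Insufficient 'add' privilege to add the entry 'cn=subsystemCert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com'.
"""

# Syslog prefix (timestamp, host, process tag) followed by the exact
# message text shown in the article.
FAILURE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s\S+:\s"
    r"Updating renewal certificate failed: Insufficient access: "
    r"Insufficient '(?P<right>\w+)' privilege to add the entry "
    r"'(?P<dn>[^']+)'"
)

def renewal_failures(lines):
    """Return one record per refused renewal-entry write found in lines."""
    found = []
    for line in lines:
        m = FAILURE_RE.match(line)
        if not m:
            continue
        # First RDN is the certificate nickname, the rest is the container.
        first_rdn, _, container = m.group("dn").partition(",")
        found.append({
            "time": m.group("ts"),
            "host": m.group("host"),
            "right": m.group("right"),
            "nickname": first_rdn.split("=", 1)[1],
            "container": container,
        })
    return found

def affected_certificates(records):
    """Map each certificate nickname to the times its update was refused."""
    by_cert = {}
    for rec in records:
        by_cert.setdefault(rec["nickname"], []).append(rec["time"])
    return by_cert

if __name__ == "__main__":
    records = renewal_failures(SAMPLE_LOG.splitlines())
    for nick, times in sorted(affected_certificates(records).items()):
        print("%s: refused %d time(s), last at %s" % (nick, len(times), times[-1]))
```

To check a live server, pass the lines of /var/log/messages to `renewal_failures()` instead of the embedded sample.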

Environment

  • Red Hat Enterprise Linux 6
