certmonger service fails to automatically renew IdM subsystem certificates due to insufficient write privilege
Issue
- When the certmonger service attempts to automatically renew the internal Identity Management (IdM) subsystem certificates, errors similar to the following are visible in /var/log/messages:
Oct 28 15:17:55 ipa01 python: Updating renewal certificate failed: Insufficient access: Insufficient 'add' privilege to add the entry 'cn=auditSigningCert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com'.
Oct 28 15:18:35 ipa01 python: Updating renewal certificate failed: Insufficient access: Insufficient 'add' privilege to add the entry 'cn=subsystemCert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com'.
Environment
- Red Hat Enterprise Linux 6
