The SELinux policy prevents the ipa-certupdate command from restarting the pki-tomcat service
Issue
- SELinux denials when running ipa-certupdate:

# ipa-certupdate
trying https://ipa.expample.com/ipa/json
[try 1]: Forwarding 'schema' to json server 'https://ipa.example.com/ipa/json'
trying https://ipa.example.com/ipa/json
[try 1]: Forwarding 'ca_is_enabled' to json server 'https://ipa.expample.com/ipa/json'
[try 1]: Forwarding 'ca_find/1' to json server 'https://ipa.expample.com/ipa/json'
Systemwide CA database updated.
Systemwide CA database updated.
The ipa-certupdate command was successful

Environment
- Red Hat Enterprise Linux (RHEL) 7.4
- ipa-server-4.5.0-20.el7
- selinux-policy-3.13.1-166.el7