Instructions to request a certificate from FreeIPA will only work if the user creates a cert database with a blank password. This should be stressed.
Instructions in question are here: http://www.freeipa.org/page/PKI#Automated_certificate_requests_with_Certmonger
The third step, "certutil -N -d ." should have some annotation that the user will be prompted for a password and it must be left blank.
If the user puts in a password, step 6 ("ipa-getcert request ...") will fail to create a certificate. The status of the request (via ipa-getcert list) will be listed as "stuck".
I can fix this given I wrote this HOWTO.
I updated the HOWTO and:
Metadata Update from @bnordgren:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 4.0.2
to comment on this ticket.