[Freeipa-devel] joining rhel5 ipa clients to rhel 7 server failing caused by time offset.

Michael Gregg mgregg at redhat.com
Wed Jun 4 20:55:30 UTC 2014


I was trying to join my rhel 5 client to a rhel 7 domain, and getting 
the following error:

[root@oracle ~]# ipa-client-install -p admin -w <pw> -U
root        : ERROR    LDAP Error: Connect error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
root        : ERROR    LDAP Error: Connect error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Unable to find IPA Server to join
Installation failed. Rolling back changes.
IPA client is not configured on this system.

Tried to verify the cert with this:

openssl s_client -host iota.testrelm.test -port 443 -CAfile /etc/ipa/ca.crt

This came up with this error code:

Verify return code: 9 (certificate is not yet valid)

After syncing the clock, everything worked all right. I tried googling 
around a bit, but I couldn't find any specific articles about this problem.

Does this sound like a troubleshooting and repair step that is 
documented somewhere already?

Michael-
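
Added example (not part of the original post, and not FreeIPA code): a small Python check that tells whether an OpenSSL verify failure like the one above is a clock problem, by comparing the verify return code and the CA certificate's validity window with the client's clock. The certificate dates and client time are constructed sample values, and the function names are hypothetical.

```python
import re
import ssl

# Constructed sample: `openssl x509 -in /etc/ipa/ca.crt -noout -dates`
SAMPLE_DATES = """\
notBefore=Jun  4 18:00:00 2014 GMT
notAfter=Jun  4 18:00:00 2034 GMT
"""
# Verify line as quoted in the post
SAMPLE_VERIFY = "Verify return code: 9 (certificate is not yet valid)"
# Constructed client clock, six hours behind notBefore
SAMPLE_CLIENT_NOW = ssl.cert_time_to_seconds("Jun  4 12:00:00 2014 GMT")

TIME_CODES = (9, 10)  # OpenSSL: certificate not yet valid / has expired


def parse_validity(dates_text):
    """Return (not_before, not_after) as UTC epoch seconds."""
    fields = dict(
        line.split("=", 1) for line in dates_text.splitlines() if "=" in line
    )
    return (ssl.cert_time_to_seconds(fields["notBefore"].strip()),
            ssl.cert_time_to_seconds(fields["notAfter"].strip()))


def verify_code(s_client_text):
    """Extract the numeric code from s_client's 'Verify return code' line."""
    match = re.search(r"Verify return code:\s*(\d+)", s_client_text)
    return int(match.group(1)) if match else None


def diagnose(s_client_text, dates_text, client_now):
    """Return (verdict, seconds the client clock lies outside the window)."""
    code = verify_code(s_client_text)
    if code not in TIME_CODES:
        return ("not_time_related", 0)  # the clock is not what was rejected
    not_before, not_after = parse_validity(dates_text)
    if code == 9 and client_now < not_before:
        return ("client_clock_before_notBefore", not_before - client_now)
    if code == 10 and client_now > not_after:
        return ("client_clock_after_notAfter", client_now - not_after)
    # Time-related code, but this certificate's window covers the clock:
    # another certificate in the chain is the one being rejected.
    return ("time_code_other_certificate", 0)


if __name__ == "__main__":
    print(diagnose(SAMPLE_VERIFY, SAMPLE_DATES, SAMPLE_CLIENT_NOW))
```

On a real client, pass `time.time()` as `client_now` together with the captured `openssl` output; a non-zero offset is the amount the clock has to move before verification can succeed.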



