<div dir="ltr"><span style="font-family:arial,sans-serif;font-size:13px">Hello,</span><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">After installing FreeIPA I followed the instructions from <a href="http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP" target="_blank">http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP</a> to use globally trusted certificates for the HTTP/LDAP server interface to secure provisioning of other systems.</div>

<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">Then it turned out that pki-tomcatd is not able to start anymore because of this:</div><div style="font-family:arial,sans-serif;font-size:13px">

<div>| NFO: Deploying web application directory /var/lib/pki/pki-tomcat/webapps/ca</div><div>| SSLAuthenticatorWithFallback: Creating SSL authenticator with fallback</div><div>| SSLAuthenticatorWithFallback: Setting container</div>

<div>| SSLAuthenticatorWithFallback: Initializing authenticators</div><div>| SSLAuthenticatorWithFallback: Starting authenticators</div><div>| 01:48:31,313 DEBUG (org.jboss.resteasy.plugins.providers.DocumentProvider:60) - Unable to retrieve ServletContext: expandEntityReferences defaults to true</div>

<div>| 01:48:31,320 DEBUG (org.jboss.resteasy.plugins.providers.DocumentProvider:60) - Unable to retrieve ServletContext: expandEntityReferences defaults to true</div><div>| Internal Database Error encountered: Could not connect to LDAP server host <a href="http://ipa.mydomain.com/" target="_blank">ipa.mydomain.com</a> port 636 Error netscape.ldap.LDAPException: IO Error creating JSS SSL Socket (-1)</div>

</div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">Meanwhile dirsrv tells me "Peer does not recognize and trust the CA that issued your certificate."</div>

<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">I tried to fix trust by adding various certificates with certutil to /etc/dirsrv/slapd/ and /etc/pki/pki-tomcat/alias/, but nothing helped. Does anyone have a suggestion on how to fix the situation?</div>

<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div><pre style="font-family:monospace;font-size:12px;margin:0px;padding:0px;white-space:pre;word-wrap:break-word"><span style="color:rgb(102,102,102)"><br>

</span></pre><pre style="font-family:monospace;font-size:12px;margin:0px;padding:0px;white-space:pre;word-wrap:break-word"><span style="color:rgb(102,102,102)">-- </span></pre><pre style="font-family:monospace;font-size:12px;margin:0px;padding:0px;white-space:pre;word-wrap:break-word">

<span style="color:rgb(102,102,102)">Best regards,</span></pre><pre style="font-family:monospace;font-size:12px;margin:0px;padding:0px;white-space:pre;word-wrap:break-word"><span style="color:rgb(102,102,102)">Vladimir Kulev</span></pre>

<pre style="margin:0px;padding:0px;word-wrap:break-word"><span style="font-family:monospace;font-size:12px;white-space:pre;color:rgb(102,102,102)">
Mobile: </span><font color="#666666"><span style="font-size:12px">+358400369346, +79215554422</span></font></pre><pre style="font-family:monospace;font-size:12px;margin:0px;padding:0px;white-space:pre;word-wrap:break-word">

<font color="#666666">Jabber: <a href="mailto:me@lightoze.net" target="_blank">me@lightoze.net</a></font></pre><pre style="font-family:monospace;font-size:12px;margin:0px;padding:0px;white-space:pre;word-wrap:break-word">

<font color="#666666">Skype: lightoze</font></pre></div>
</div>