[Freeipa-users] certificate verify failed - WinSync strangeness - ipa-server-1.2.2-0
Simo Sorce
ssorce at redhat.com
Mon Jan 17 19:13:14 UTC 2011
On Wed, 12 Jan 2011 12:03:59 -0600
"dont at killbrad.com" <dont at killbrad.com> wrote:
> Ok, so the ipa-server-certinstall script seems to be where things did
> not work as I perhaps expected them to.
>
> I manually put the certificates in the dirsrv cert db, and the web
> interface cert db. The ipa-replica-manage uses replication.py, which
> is declaring
>
> CACERT="/usr/share/ipa/html/ca.crt"
>
> It looks like this is where the error is being caused. The
> certification there is still the original "IPA Test Certificate
> Authority". If I point it to the DigiCertCA.crt (which should work),
> OR the AD-ca.crt file, I get the same error as originally mentioned
> when running 'ipa-replica-manage list'. If I comment out the CACERT
> variable it does as expected: unexpected error: global name 'CACERT'
> is not defined
>
> So, can someone give me some advice about where else it may be
> reading the certificate from, or how I can do things "the proper way"
> for IPA?
/etc/ipa/ca.crt is another place where the cert can be found.
but for winsync you can pass the cacert on the command line, have you
tried that ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list