[Freeipa-users] certificate verify failed - WinSync strangeness - ipa-server-1.2.2-0
dont at killbrad.com
dont at killbrad.com
Mon Jan 24 20:05:05 UTC 2011
Hi Simo, yes, I had tried this and it was still causing the same issue. If
anyone else encounters a similar problem, here is the solution that worked
for me:
This file: /usr/lib/python2.4/site-packages/ipaserver/replication.py
Contains this line at the top: CACERT="/usr/share/ipa/html/ca.crt"
When updating the dirsrv and http server NSS database certs with
ipa-server-certinstall, this particular cert never gets updated. It keeps
the original self-signed cert that was installed (standalone, not NSS).
Backed up this file, and copied (for me, DigiCertCA2.crt) the proper CA cert
to allow the verification worked finally. I had tried the full chain, the
primary DigiCertCA.crt cert, etc. But the one that it wanted was the
DigiCertCA2.crt certificate alone.
Thanks!
>> So, can someone give me some advice about where else it may be reading
>> the certificate from, or how I can do things "the proper way"
>> for IPA?
>/etc/ipa/ca.crt is another place where the cert can be found.
>but for winsync you can pass the cacert on the command line, have you tried
that ?
>Simo.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110124/9995d728/attachment.htm>
More information about the Freeipa-users
mailing list