[Freeipa-users] Expired SSL certificate issue with IPA

Nalin Dahyabhai nalin at redhat.com
Thu Jan 5 17:43:22 UTC 2012


On Thu, Jan 05, 2012 at 10:38:11AM -0500, Rob Crittenden wrote:
> My first thought was that there was a CA trust issue. I believe that
> certmonger uses the NSS database where the certificate is stored so
> since it is also doing this against Apache (which in theory trust is
> ok for it to start at all) so I'm baffled. Hopefully the httpd logs
> will be enlightening.

The APIs it's using don't appear to let it do that, so unless there's
something going on under the covers, the IPA submission helper trusts
only the root certificate found in /etc/ipa/ca.crt.

HTH,

Nalin



