[Freeipa-users] Can't contact LDAP server: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user

Dmitri Pal dpal at redhat.com
Mon Nov 5 22:32:08 UTC 2012


On 11/05/2012 01:51 PM, Tim Hughes wrote:
>
> I am trying to migrate from a fedora-ds-1.1.2-1.fc6 server to
> ipa-server-2.2.0-16.el6.x86_64 with the following command
>
>
> ipa migrate-ds ldaps://fedora-ds-server.internal --continue
> --with-compat --base-dn=dc=custsvc,dc=mycompany
> --user-container=ou=People,ou=custsvc,dc=co,dc=mycompany
> --group-container=ou=Groups,ou=custsvc,dc=co,dc=mycompany
>

You are using ldaps but there is no cert info defined to connect to
fedora-DS with SSL.
Did you mean ldap://... ?

>
> I get the following response.
>
>
> ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer
> ipa: DEBUG: cert valid True for "CN=ipa-server.internal,O=CO.MYCOMPANY"
> ipa: DEBUG: handshake complete, peer = 192.168.10.6:443
> ipa: DEBUG: Caught fault 4203 from server
> http://ipa-server.internal/ipa/xml: Can't contact LDAP server: TLS
> error -8172:Peer's certificate issuer has been marked as not trusted
> by the user.
> ipa: DEBUG: Destroyed connection context.xmlclient
> ipa: ERROR: Can't contact LDAP server: TLS error -8172:Peer's
> certificate issuer has been marked as not trusted by the user.
>
>
> I am trying to work out which certificate is not trusted and how I
> should make it trusted. Any help would be appreciated.
>
>
> Tim Hughes
> mailto:thughes at thegoldfish.org


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
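
Added example, not part of the original message and not FreeIPA code: the error text in the quoted debug output says the issuer of the peer's certificate is not trusted. The sketch below reproduces that condition offline, with openssl standing in for the TLS library that reported the error and with throwaway certificates constructed on the spot (all CA names, file names and helper functions are assumptions), then shows verification passing once the issuing CA is in the bundle the client checks against.

```shell
#!/bin/sh
# Constructed demo: every certificate below is a throwaway generated locally.

# make_ca DIR NAME CN: write a self-signed CA certificate DIR/NAME.pem and its key.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_server_cert DIR CA CN: write DIR/server.pem, issued by DIR/CA.pem.
make_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 1 \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/server.pem" 2>/dev/null
}

# issuer_trusted CERT BUNDLE: succeeds only if CERT chains to a CA in BUNDLE.
# The printed "OK" is checked because old openssl exits 0 even on failure.
issuer_trusted() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# show_issuer CERT: print the issuer DN, i.e. the CA the client has to trust.
show_issuer() {
    openssl x509 -in "$1" -noout -issuer
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" ds-ca "Constructed Directory CA"   # signs the LDAP server cert
    make_ca "$d" client-ca "Constructed Client CA"  # the only CA the client knows
    make_server_cert "$d" ds-ca "fedora-ds-server.internal"
    show_issuer "$d/server.pem"
    issuer_trusted "$d/server.pem" "$d/client-ca.pem" \
        && echo "before: trusted" || echo "before: issuer NOT trusted"
    # Fix: add the issuing CA to the bundle the client verifies against.
    cat "$d/client-ca.pem" "$d/ds-ca.pem" > "$d/bundle.pem"
    issuer_trusted "$d/server.pem" "$d/bundle.pem" \
        && echo "after: trusted" || echo "after: issuer NOT trusted"
    rm -rf "$d"
}

demo
```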

