[Freeipa-users] External CA
William Leese
william.leese at meltwater.com
Thu Nov 7 07:34:40 UTC 2013
> [root at vagrant-centos-6 CA]# cat /root/server.pem
>> Certificate:
>> Data:
>> Version: 3 (0x2)
>> Serial Number: 2 (0x2)
>> Signature Algorithm: sha1WithRSAEncryption
>> Issuer: C=JP, ST=TK, L=TKK, O=MW, OU=ops,
>> CN=vagrant.localdomain/emailAddress=t at t.com <mailto:t at t.com>
>>
>> Validity
>> Not Before: Nov 6 05:12:09 2013 GMT
>> Not After : Nov 6 05:12:09 2014 GMT
>> Subject: O=MELTWATER.COM <http://MELTWATER.COM>, CN=Certificate
>>
>> Authority
>> [snip]
>> -----BEGIN CERTIFICATE-----
>> MIIDfDCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADB5MQswCQYDVQQGEwJKUDEL
>> MAkGA1UECAwCVEsxDDAKBgNVBAcMA1RLSzELMAkGA1UECgwCTVcxDDAKBgNVBAsM
>> A29wczEcMBoGA1UEAwwTdmFncmFudC5sb2NhbGRvbWFpbjEWMBQGCSqGSIb3DQEJ
>> [snip]
>>
>
> Try removing everything before the -----BEGIN CERTIFICATE----- line from
> the PEM.
Well that was unexpected: removing the BEGIN Certificate / End lines now
makes the install proceed up until:
The log file for this installation can be found in
/var/log/ipaserver-install.log
The PKCS#10 certificate is not signed by the external CA (unknown issuer E=
x at x.com,CN=vagrant-centos-6,OU=JP,O=JP,L=JP,ST=JP,C=JP).
Do I need to do anything to make my freshly created internal CA trusted for
the installation? I've tried the usual magic in /etc/pki/tls/certs, but to
no avail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20131107/cc64342f/attachment.htm>
More information about the Freeipa-users
mailing list