[Freeipa-users] External CA
Petr Viktorin
pviktori at redhat.com
Thu Nov 7 11:36:59 UTC 2013
On 11/07/2013 08:34 AM, William Leese wrote:
>
> [root at vagrant-centos-6 CA]# cat /root/server.pem
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number: 2 (0x2)
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: C=JP, ST=TK, L=TKK, O=MW, OU=ops,
> CN=vagrant.localdomain/emailAddress=t at t.com
> Validity
> Not Before: Nov 6 05:12:09 2013 GMT
> Not After : Nov 6 05:12:09 2014 GMT
> Subject: O=MELTWATER.COM, CN=Certificate Authority
> [snip]
> -----BEGIN CERTIFICATE-----
> MIIDfDCCAmSgAwIBAgIBAjANBgkqhk__iG9w0BAQUFADB5MQswCQYDVQQGEwJK__UDEL
> MAkGA1UECAwCVEsxDDAKBgNVBAcMA1__RLSzELMAkGA1UECgwCTVcxDDAKBgNV__BAsM
> A29wczEcMBoGA1UEAwwTdmFncmFudC__5sb2NhbGRvbWFpbjEWMBQGCSqGSIb3__DQEJ
> [snip]
>
>
> Try removing everything before the -----BEGIN CERTIFICATE----- line
> from the PEM.
>
> Well that was unexpected: removing the BEGIN Certificate / End lines now
> makes the install proceed up until:
>
> The log file for this installation can be found in
> /var/log/ipaserver-install.log
> The PKCS#10 certificate is not signed by the external CA (unknown issuer
> E=x at x.com,CN=vagrant-centos-6,OU=JP,O=JP,L=JP,ST=JP,C=JP).

Can you please post more (all) of /var/log/ipaserver-install.log? We
need to know where exactly the issue is occurring and what the traceback is.

> Do I need to do anything to make my freshly created internal CA trusted
> for the installation? I've tried the usual magic in /etc/pki/tls/certs,
> but to no avail.

No, --external_ca_file should have been enough.

--
Petr³
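
Added example, not part of the original message and not FreeIPA's own code: a Python helper for the advice quoted above, keeping only the BEGIN/END CERTIFICATE block of a file that also carries the `openssl x509 -text` dump. The function names and the sample bytes are constructed for illustration.

```python
import base64
import re

# Matches one PEM certificate block; anything outside it (such as the
# "Certificate: Data: ..." text dump shown in the thread) is ignored.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

def to_pem(der):
    """Re-encode DER bytes as a PEM block with 64-column lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

def extract_certificates(text):
    """Return (clean_pem, der_list) holding only well-formed certificate blocks."""
    ders = []
    for match in PEM_BLOCK.finditer(text):
        body = "".join(match.group(1).split())  # drop line breaks and indentation
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            raise ValueError("certificate body is not valid base64") from exc
        # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
        if not der.startswith(b"\x30"):
            raise ValueError("decoded block is not a DER SEQUENCE")
        ders.append(der)
    if not ders:
        # Also the result when the BEGIN/END marker lines have been deleted.
        raise ValueError("no BEGIN/END CERTIFICATE block found")
    return "".join(to_pem(der) for der in ders), ders

# Constructed sample: placeholder DER bytes (not a real certificate) placed
# after the kind of text preamble that precedes the PEM block in the thread.
SAMPLE_DER = b"\x30\x60" + bytes(range(96))
SAMPLE_INPUT = (
    "Certificate:\n    Data:\n        Version: 3 (0x2)\n"
    "        Serial Number: 2 (0x2)\n" + to_pem(SAMPLE_DER)
)

if __name__ == "__main__":
    pem, _ = extract_certificates(SAMPLE_INPUT)
    print(pem, end="")
```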