[Freeipa-users] Installation issues with sub-ca.

Rob Crittenden rcritten at redhat.com
Thu Nov 7 14:52:58 UTC 2013


Andrea Bontempi wrote:
>> -12195 is SSL_ERROR_UNKNOWN_CA_ALERT in NSS.
>>
>> I wonder if the root chain you gave to the IPA installer was complete.
>>
>> rob
>
> I work with PEM file format, in the sub-ca certificate there aren't chains (but it isn't a problem if I use a self-generated CA).
>
> (Moreover, the script has all the chain, the root certificate and the FreeIPA's certificate, so it's strange.)
>
> I try to add the chain following this rule: http://www.digicert.com/ssl-support/pem-ssl-creation.htm, but the script crashes (doesn't seem to support this method)
>
> I fear it's a problem of my CA, but I have no idea what goes wrong.

Can you provide the logs from the failed install? 
/var/log/ipaserver-install.log for sure, we may need the debug log from 
the CA eventually too.

rob



