[Freeipa-users] External CA
Petr Viktorin
pviktori at redhat.com
Fri Nov 8 09:56:27 UTC 2013
On 11/08/2013 09:01 AM, Martin Kosek wrote:
> Thanks for heads up. You mean by the difference between "O=MW" and
> "O=MELTWATER.COM"?
>
> Petr, is this possible? Can it be validated in the the installer if this is the
> root cause?
It is possible. It's hard to tell without the logs; looks like the
failure was inside Dogtag. There may be more issues; for instance I
don't think we considered PEM files with extra data before the BEGIN
CERTIFICATE.
I filed a ticket to investigate:
https://fedorahosted.org/freeipa/ticket/4019
> On 11/08/2013 01:55 AM, William Leese wrote:
>> I was able to solve this by recreating my test CA. I believe the problem
>> was with non-matching Organisation between the CSR and CA - but I dont have
>> the knowledge to know if this is really required.
>>
>> Anyhow, things work, despite not having removed the "-----BEGIN
>> CERTIFICATE-----" lines this time around.
>>
>> Thanks for the help and sorry for wasting your time!
>>
--
Petr³
More information about the Freeipa-users
mailing list