[Freeipa-users] FreeIPA 4.0.0 "Peer's certificate issuer has been marked as not trusted by the user."
Alexander Bokovoy
abokovoy at redhat.com
Wed Jul 16 20:03:32 UTC 2014
On Wed, 16 Jul 2014, Nordgren, Bryce L -FS wrote:
>On a clean Fedora 20, minimal install, system using the netinstall iso,
>I'm getting an error all the way at the end of the ipa-server-install
>process (when it tries to run ipa-client-install). I put the fqdn of
>the hostname in /etc/hostname and "ipaddr ipa.usfs-i2.umt.edu ipa" in
>/etc/hosts and rebooted. Hostname returns the fqdn. DNS A, SRV, and TXT
>entries are in place. Reverse DNS works.
>
>Copr repository installed, and fedora-updates-testing enabled (for
>required version of dirsrv). Yum refused to install freeipa-server for
>reason of unsatisfied dependencies, but dnf succeeded.
>
>Tail end of ipa-server-install is here, followed by a successful kinit
>and a failed "ipa" command. I can fix the cert issue on the server by
>following
>http://www.iamlinux.com/2014/06/ipa-commands-fails-with-peers-certificate-issuer-has-been-marked-as-not-trusted-by-the-user-error/.
>This allows ipa commands on the server to work. However,
>ipa-client-install on the client fails with the same "Peer's
>certificate issuer has been marked as not trusted by the user." Is this
>a dorky new user problem or should I file a bug?
Check /var/log/ipaclient-install.log first, as your IPA client install
did not finish, thus certificates store wasn't created properly and does
not contain IPA CA certificate yet.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list