[Freeipa-users] OT: https://www.freeipa.org missing intermediate certificate
Natxo Asenjo
natxo.asenjo at gmail.com
Fri Jul 10 14:36:35 UTC 2015
hi,
earlier today I was reading a post about the new freeipa version on my
mobile device and got plenty of warnings about an invalid certificate. On a
fedora laptop no warnings, but this is the problem:
$ curl -LIv https://www.freeipa.org
* Rebuilt URL to: https://www.freeipa.org/
* Hostname was NOT found in DNS cache
* Trying 54.227.25.77...
* Connected to www.freeipa.org (54.227.25.77) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Server certificate:
* subject: CN=www.freeipa.org,O=Red Hat Inc.,L=Raleigh,ST=North
Carolina,C=US
* start date: Jul 16 00:00:00 2014 GMT
* expire date: Jul 19 12:00:00 2016 GMT
* common name: www.freeipa.org
* issuer: CN=DigiCert SHA2 High Assurance Server
CA,OU=www.digicert.com,O=DigiCert
Inc,C=US
* NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER)
* Peer's Certificate issuer is not recognized.
* Closing connection 0
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html
You need to add the intermediate digicert certrificate, it seems.
Thanks!
--
regards,
natxo
--
--
Groeten,
natxo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150710/edb8958a/attachment.htm>
More information about the Freeipa-users
mailing list