[Freeipa-users] freeipa cert validation failed, SEC_ERROR_UNTRUSTED_ISSUER

[mmarodin at tiscali.it]

  Hi everyone.

I've a problem with my new freeipa installation,
v4.1.0, over RHEL 7 like distribution.

The installation was ok, but now
I've some problems operating via CLI:
# ipa user-show admin
ipa: ERROR:
cert validation failed for
"CN=srv01.ipa.mydomain.com,O=IPA.MYDOMAIN.COM"
((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked
as not trusted by the user.)
ipa: ERROR: cannot connect to
'https://srv01.ipa.mydomain.com/ipa/json': (SEC_ERROR_UNTRUSTED_ISSUER)
Peer's certificate issuer has been marked as not trusted by the
user.

I've got the same problem connectiong via curl, but after doing
these command for curl now it works, but not for ipa cli
operations:
----------------------
# certutil -A -d /etc/pki/nssdb -n
'IPA CA' -t CT,C,C -a -i /etc/ipa/ca.crt
# certutil -L -d
/etc/pki/nssdb
Certificate Nickname Trust Attributes

SSL,S/MIME,JAR/XPI
IPA CA CT,C,C
# cp /etc/ipa/ca.crt
/etc/pki/ca-trust/source/anchors/
# update-ca-trust
extract
----------------------

And also this command doesn't work:
#
ipa trust-add --type=ad mydomain.com --admin Administrator
--password
ipa: ERROR: cert validation failed for
"CN=srv01.ipa.mydomain.com,O=IPA.MYDOMAIN.COM"
((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked
as not trusted by the user.)
ipa: ERROR: cannot connect to
'https://srv01.ipa.mydomain.com/ipa/json': (SEC_ERROR_UNTRUSTED_ISSUER)
Peer's certificate issuer has been marked as not trusted by the
user.

So ... what's the problem?

Let me know, thanks.
Morgan 



Connetti gratis il mondo con la nuova indoona:  hai la chat, le chiamate, le video chiamate e persino le chiamate di gruppo.
E chiami gratis anche i numeri fissi e mobili nel mondo!
Scarica subito l’app Vai su https://www.indoona.com/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150908/6028fa18/attachment.htm>