[Freeipa-users] Using 3rd party certificates for HTTP/LDAP
Rob Crittenden
rcritten at redhat.com
Fri Jan 15 15:04:23 UTC 2016
Peter Pakos wrote:
> On 14/01/2016 18:51, Rob Crittenden wrote:
>> You need to add the new root certs to the pki NSS database.
>
> As far as I can see those 3 new CA certs are already in the database
> (unless you're talking about a different db):
>
> $ certutil -d /etc/pki/nssdb/ -L
>
> Certificate Nickname                         Trust Attributes
>                                              SSL,S/MIME,JAR/XPI
>
> IPA.WANDISCO.COM IPA CA                      CT,C,C
> AddTrust                                     ,,
> USERTrustRSAAddTrustCA                       ,,
> GandiStandardSSLCA2                          ,,
>
> Please advise.
>
Discussed in IRC last night but for the sake of history, he needed to
add the CAs to the dogtag NSS database in
/var/lib/pki/pki-tomcat/alias/ with a trust of C,,.
rob
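
One way to check an NSS database listing for the condition this thread resolved (CA certificates present but without SSL CA trust). This is an added example, not part of the original messages; the function names and the sample nicknames are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `certutil -L` output on stdin and prints every nickname
# whose SSL trust field lacks "C" (trusted CA for issuing server certificates).
untrusted_ssl_cas() {
    awk '
    # A certificate row ends with the trust triple SSL,S/MIME,JAR/XPI, e.g. "CT,C,C".
    # Header lines do not match: their last field has other characters or no commas.
    NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
        split($NF, trust, ",")
        # Rows flagged "u" hold a private key in this database (the server
        # certificates themselves), so they are not imported CAs: skip them.
        if (trust[1] !~ /[Cu]/) {
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)  # drop the trust column
            sub(/^[ \t]+/, "", nick)               # drop leading blanks
            print nick
        }
    }'
}

# Constructed sample listing (hypothetical nicknames), in certutil -L layout.
sample_listing() {
cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

EXAMPLE.TEST IPA CA                                          CT,C,C
Example Root CA                                              ,,
ExampleIssuingCA2                                            ,,
ExampleTrustedCA                                             C,,
Example Server-Cert                                          u,u,u
EOF
}

# Real use: certutil -d /var/lib/pki/pki-tomcat/alias/ -L | untrusted_ssl_cas
# A CA reported here can be imported with the trust named in the thread, e.g.
#   certutil -A -d /var/lib/pki/pki-tomcat/alias/ -n "<nickname>" -t C,, -a -i <ca.pem>
sample_listing | untrusted_ssl_cas
```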