[Freeipa-users] Using 3rd party certificates for HTTP/LDAP
Peter Pakos
peter at pakos.pl
Sun Jan 24 22:19:02 UTC 2016
Hi,
I now have 3rd party SSL certificate successfully installed for LDAP and
HTTP but I'm having issues with joining new clients to FreeIPA servers.
When I run "ipa-client-install --mkhomedir" on a CentOS 6 machine I get
the following error:
"Joining realm failed: libcurl failed to execute the HTTP POST
transaction. Peer certificate cannot be authenticated with known CA
certificates"
/var/log/ipaclient-install.log shows:
"2016-01-24T22:06:26Z ERROR Joining realm failed: libcurl failed to
execute the HTTP POST transaction. Peer certificate cannot be
authenticated with known CA certificates"
I was under the impression that the 3rd party certificate's chain will
be included in the CA certificate that the client gets from the servers
and that it will successfully join the realm.
I specified the root certificate using the --ca-cert-file= option and the
install completed OK, but is this really necessary? I do hope there is a
better solution.
Many thanks.
--
Kind regards,
Peter Pakos