[Freeipa-users] Joining realm failed with "SSL certificate problem: self signed certificate in certificate chain"
Harald Dunkel
harald.dunkel at aixigo.de
Fri Jan 29 12:20:56 UTC 2016
Hi folks,
Problem: ipa-client-install fails with
# rm -f /etc/ipa/ca.crt
# ipa-client-install
Discovery was successful!
Hostname: srvl023.ac.example.com
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: ipa1.example.com
BaseDN: dc=example,dc=com
Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
User authorized to enroll computers: admin
Password for admin at EXAMPLE.COM:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=example AG,C=COM
Issuer: CN=example Root CA,OU=example Certificate Authority,O=example AG,C=COM
Valid From: Mon Dec 28 10:35:30 2015 UTC
Valid Until: Mon Dec 31 23:59:59 2035 UTC
Joining realm failed: libcurl failed to execute the HTTP POST transaction, explaining: SSL certificate problem: self signed certificate in certificate chain
Installation failed. Rolling back changes.
IPA client is not configured on this system.
???
Is this the chain sent from the ipa server to the new host?
Every helpful idea would be highly appreciated.
Regards
Harri
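
An added example, not part of the original post: the install output above shows a retrieved CA certificate whose issuer differs from its subject, and this script reports whether a PEM bundle contains a self-issued root or only intermediates. It assumes the `openssl` command-line tool is installed; the function names and the throwaway certificates it generates are constructed for illustration.

```shell
#!/bin/sh
# Added example; every name and file below is constructed, not from the post.

# Print one line per certificate in a PEM bundle ($1):
#   ROOT <subject>          subject equals issuer (self-issued)
#   INTERMEDIATE <subject>  issued by some other CA
# Only names are compared; signatures are not verified. Output order may
# differ from file order because PKCS#7 stores certificates as a set.
classify_bundle() {
    openssl crl2pkcs7 -nocrl -certfile "$1" |
    openssl pkcs7 -print_certs -noout |
    awk '/^subject=/ { subj = substr($0, 9) }
         /^issuer=/  { iss = substr($0, 8)
                       kind = (subj == iss) ? "ROOT" : "INTERMEDIATE"
                       print kind, subj }'
}

# Succeeds only if the bundle contains at least one self-issued certificate.
bundle_has_root() {
    classify_bundle "$1" | grep -q '^ROOT '
}

# Build a throwaway two-level hierarchy in directory $1 (extensions omitted,
# since only subject and issuer names matter here).
make_constructed_chain() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Constructed/CN=Constructed Root CA" \
        -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/O=Constructed/CN=Constructed Issuing CA" \
        -keyout "$1/sub.key" -out "$1/sub.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$1/sub.csr" -set_serial 2 \
        -CA "$1/root.crt" -CAkey "$1/root.key" \
        -out "$1/sub-only.crt" 2>/dev/null
    cat "$1/sub-only.crt" "$1/root.crt" > "$1/full-chain.crt"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT   # the generated private keys are disposable
make_constructed_chain "$tmp"
for f in sub-only.crt full-chain.crt; do
    echo "== $f"
    classify_bundle "$tmp/$f"
    bundle_has_root "$tmp/$f" || echo "   no self-issued root in this bundle"
done
```

To inspect a real client, call `classify_bundle` on the CA file the client trusts instead of the generated files.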