[Freeipa-users] Joining realm failed with "SSL certificate problem: self signed certificate in certificate chain"
Harald Dunkel
harald.dunkel at aixigo.de
Fri Jan 29 15:43:46 UTC 2016
Hi Rob,
On 01/29/2016 04:12 PM, Rob Crittenden wrote:
>
> What version of server and client?
>
Server is freeipa 4.2 (Centos 7.2)
Client is freeipa 4.0.5 (Debian 8)
Sorry, I should have mentioned this in my first post.
I am running >200 clients in this environment, appr. 40% are
Debian Hosts with this freeipa version. One host cannot be
joined :-(.
> I gather you have installed with an external CA? How many certs are in
> /etc/ipa/ca.crt?
>
Yes, its an external CA. There is one cert in ca.cert: It is
the certificate of the ipa CA, signed by the expected external
root CA. I see the same on the other hosts, but of course I
checked only a few (4).
Regards
Harri
More information about the Freeipa-users
mailing list