[Freeipa-users] Where should the CA Location
Florence Blanc-Renaud
frenaud at redhat.com
Fri Jun 24 18:06:19 UTC 2016
Hi
Disclaimer: I'm new on this mailing list but willing to share experience :)
Did you use "ipa-cacert-manage install -t C,," to install your external
CA certificate? This command copies the certificate in
cn=certificates,cn=ipa,cn=etc,dc=xxx
After this, you can use ipa-certupdate which will put the CA cert in all
the needed NSS databases and update the nickname where needed.
Flo.
On 06/23/2016 04:54 AM, barrykfl at gmail.com wrote:
> Hi :
>
> I renew External CA cert below ...seem server-cert ok.
>
> But ca CERT FAIL..
> I ALREADY PASTE ON
> /etc/httpd/alias
> /etc/dirsrv/slapd-PKI-IPA
> /etc/dirsv/slapd-ABX-com
> /var/lib/pki-ca/alias 's CA conf
>
> any idea?
>
> ABX-COM...[23/Jun/2016:10:42:32 +0800] - SSL alert:
> CERT_VerifyCertificateNow: verify certificate failed for cert
> Server-Cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable
> Runtime error -8179 - Peer's Certificate issuer is not recognized.)
>
>
>
More information about the Freeipa-users
mailing list