[Freeipa-users] Problems after install 3rd Party Certs

Joshua Ruybal jruybal at owneriq.com
Mon Oct 17 18:36:27 UTC 2016


Forgot to add.

After some digging I saw the CA needed to be added to the nssdbs.

I've added the CA cert to:

[root@ipa02 ipa02]# certutil -A -d /etc/pki/nssdb -n 'NewCA' -t CT,C,C -a -i fullchain.pem
[root@ipa02 ipa02]# certutil -A -d /etc/httpd/alias -n 'NewCA' -t CT,C,C -a -i fullchain.pem




On Mon, Oct 17, 2016 at 11:32 AM, Joshua Ruybal <jruybal at owneriq.com> wrote:

> Hi,
>
> We've recently tried to change our https web certs for our IPA servers
> following the instructions listed here:
> https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
>
> The web gui is successfully using https now, however we are having several
> other problems.
>
> Enrollment now fails for new hosts, and we're unable to install replicas.
>
> Specifically we're seeing this error: (SEC_ERROR_UNTRUSTED_ISSUER) Peer's
> certificate issuer has been marked as not trusted by the user.
>
> Any advice on this?
>
> ipa-server 3.0.0
> CentOS 6.7
>
> Thanks,
>
> --Josh
>



-- 

*Joshua Ruybal | Systems Engineer*
o: (866) 870-2295 x823 c: (206) 724-4549
e: jruybal at owneriq.com
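
Added example, not part of the original message or of FreeIPA's own tooling: certutil -A adds one certificate per call under the nickname given, so for a PEM bundle with several certificates one approach is to split it and import only the certificates marked as CAs. The function names, the nickname prefix and the assumption that fullchain.pem holds more than one certificate are this example's; the trust flags and database paths are the ones used in the message.

```shell
#!/bin/bash
# Added example: split a PEM bundle and import only its CA certificates
# into an NSS database. Function names are hypothetical.

# split_pem_bundle BUNDLE OUTDIR
# Writes each certificate to OUTDIR/cert-N.pem and prints how many were found.
split_pem_bundle() {
    bundle=$1; outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END                           { print n + 0 }
    ' "$bundle"
}

# is_ca_cert FILE: succeeds when basicConstraints says CA:TRUE.
is_ca_cert() {
    openssl x509 -noout -text -in "$1" 2>/dev/null | grep -q 'CA:TRUE'
}

# import_ca_certs BUNDLE NSSDB PREFIX
# Imports every CA certificate in BUNDLE as PREFIX-N; a server (leaf)
# certificate in the bundle is skipped so it never receives CA trust flags.
import_ca_certs() {
    db=$2; prefix=$3
    tmp=$(mktemp -d) || return 1
    count=$(split_pem_bundle "$1" "$tmp") || return 1
    i=1
    while [ "$i" -le "$count" ]; do
        f="$tmp/cert-$i.pem"
        if is_ca_cert "$f"; then
            certutil -A -d "$db" -n "$prefix-$i" -t CT,C,C -a -i "$f"
        else
            echo "skipping certificate $i: not a CA certificate" >&2
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    certutil -L -d "$db"    # list nicknames and trust flags for review
}

# Usage (run as root on the IPA server):
#   import_ca_certs fullchain.pem /etc/httpd/alias NewCA
#   import_ca_certs fullchain.pem /etc/pki/nssdb NewCA
```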
