<div dir="ltr"><br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class="im">
[root@vagrant-centos-6 CA]# cat /root/server.pem<br>
Certificate:<br>
Data:<br>
Version: 3 (0x2)<br>
Serial Number: 2 (0x2)<br>
Signature Algorithm: sha1WithRSAEncryption<br>
Issuer: C=JP, ST=TK, L=TKK, O=MW, OU=ops,<br></div>
CN=vagrant.localdomain/emailAddress=<a href="mailto:t@t.com" target="_blank">t@t.com</a><div class="im"><br>
Validity<br>
Not Before: Nov 6 05:12:09 2013 GMT<br>
Not After : Nov 6 05:12:09 2014 GMT<br></div>
Subject: O=<a href="http://MELTWATER.COM" target="_blank">MELTWATER.COM</a>, CN=Certificate<div class="im"><br>
Authority<br>
[snip]<br>
-----BEGIN CERTIFICATE-----<br>
MIIDfDCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADB5MQswCQYDVQQGEwJKUDEL<br>
MAkGA1UECAwCVEsxDDAKBgNVBAcMA1RLSzELMAkGA1UECgwCTVcxDDAKBgNVBAsM<br>
A29wczEcMBoGA1UEAwwTdmFncmFudC5sb2NhbGRvbWFpbjEWMBQGCSqGSIb3DQEJ<br>
[snip]<br>
</div></blockquote>
<br>
Try removing everything before the -----BEGIN CERTIFICATE----- line from the PEM.</blockquote>Well that was unexpected: removing the BEGIN Certificate / End lines now makes the install proceed up until:<div><br></div><div>
<div>The log file for this installation can be found in /var/log/ipaserver-install.log</div><div>The PKCS#10 certificate is not signed by the external CA (unknown issuer E=<a href="mailto:x@x.com">x@x.com</a>,CN=vagrant-centos-6,OU=JP,O=JP,L=JP,ST=JP,C=JP).</div>
</div><div><br></div><div>Do I need to do anything to make my freshly created internal CA trusted for the installation? I've tried the usual magic in /etc/pki/tls/certs, but to no avail.</div></div></div></div>
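<div>Added example, not part of the original thread: one way to apply the quoted suggestion of dropping everything before the -----BEGIN CERTIFICATE----- line while keeping the BEGIN/END markers, and failing if a block is truncated. The function names extract_pem_certs and make_sample are hypothetical, and the sample file is constructed (its base64 body is a placeholder, not a real certificate).</div>

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print only complete PEM certificate blocks from a file that also carries
# the human-readable "Certificate: / Data: ..." dump in front of them.
# Exit status 1 if no complete block is found or the last block is truncated.
extract_pem_certs() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^-----BEGIN CERTIFICATE-----$/ { inblock = 1; buf = "" }
        inblock { buf = buf $0 "\n" }           # collect lines inside a block
        /^-----END CERTIFICATE-----$/ {
            if (inblock) { printf "%s", buf; n++ }
            inblock = 0
        }
        END { if (inblock || n == 0) exit 1 }   # truncated or nothing found
    ' "$1"
}

# Write a constructed sample: text dump followed by a placeholder PEM block.
make_sample() {
    cat > "$1" <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
EOF
}

# Demo: the text dump is dropped, the BEGIN/END markers are kept.
tmp=$(mktemp)
make_sample "$tmp"
extract_pem_certs "$tmp"
rm -f "$tmp"
```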