Petar Kozić via FreeIPA-users wrote: > Hi folks, > one question. > These days I join my machine into IPA. Almost all machine have Ubuntu > 18.04. I jointed about 10 machine in last two days. Today I tried to > join Debian 8 jessie but I have problem. > > All machine I join with same command: > > ipa-client-install -U —domain=example.com <http://example.com> > —hostname=clientexample.com <http://clientexample.com> > —server=ipa.example.com <http://ipa.example.com> —realm=EXAMPLE.com > —password=XXXxxxXXX --principal=admin —mkhomedir > > On Debian machine I got this error in process of join: > > Forwarding 'ping' to json server 'https://ipa.example.com/ipa/json' > cert validation failed for “CN=ipa.example.com <http://ipa.example.com>" > ((SEC_ERROR_UNKNOWN_ISSUER) Peer's Certificate issuer is not recognized.) > Cannot connect to the server due to generic error: cannot connect to > 'https://ipa.example.com/ipa/json': (SEC_ERROR_UNKNOWN_ISSUER) Peer's > Certificate issuer is not recognized. > Installation failed. Rolling back changes. > > Some help?
We need more information on your CA chain configuration and what version's of IPA you're using. For example, is your CA a typical IPA self-signed CA or did you sign it with another CA? rob Ipa version: FreeIPA 4.7 CA isn’t self-signed. I generate Let’s encrypt SSL and make chain CA which is imported in IPA. On all Ubuntu 18.04 works perfect but this Debian 8 jessie don’t support native from repo freeipa-client and maybe that is also problem. I found some repo for freeipa client deb http://apt.numeezy.fr jessie main deb-src http://apt.numeezy.fr jessie main and I installed from there.
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org