On 2/21/20 5:56 PM, dmitriys via FreeIPA-users wrote:
Hi!
I use freeipa-server 4.7.0~pre1+git20180411-2ubuntu2 on Ubuntu 18.04.4 LTS.
I installed freeipa-server in default mode (ipa-server-install).
Now I am trying to change the certificate to Comodo, as described in this article:
https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
My steps:
1 ipa-cacert-manage -p 'password' -n COMODO -t C,, install addtrustexternalcaroot2.crt
Installing CA certificate, please wait
CA certificate successfully installed
The ipa-cacert-manage command was successful
Hi,
Looks like you forgot the ipa-certupdate step.
HTH,
flo
2 ipa-server-certinstall -w -d /home/xattab/ldap_comodo.key ldap_comodo.pem -vvv
I get an error:
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/bin/certutil', '-d', 'dbm:/tmp/tmpPsRUhs', '-V', '-n', 'CN=ldap.soft2bet.com', '-u', 'V', '-f', '/tmp/tmpPsRUhs/pwdfile.txt']
ipapython.ipautil: DEBUG: Process finished, return code=255
ipapython.ipautil: DEBUG: stdout=certutil: certificate is invalid: Peer's Certificate issuer is not recognized.
ipapython.ipautil: DEBUG: stderr=
ipapython.admintool: DEBUG: File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 174, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py", line 113, in run
    self.install_dirsrv_cert()
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py", line 139, in install_dirsrv_cert
    'restart_dirsrv %s' % serverid)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py", line 291, in import_cert
    self.check_chain(pkcs12_file.name, pin, cdb)
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py", line 277, in check_chain
    "to install the CA certificate." % str(e))
ipapython.admintool: DEBUG: The ipa-server-certinstall command failed, exception: ScriptError: Peer's certificate issuer is not trusted (certutil: certificate is invalid: Peer's Certificate issuer is not recognized.
). Please run ipa-cacert-manage install and ipa-certupdate to install the CA certificate.
ipapython.admintool: ERROR: Peer's certificate issuer is not trusted (certutil: certificate is invalid: Peer's Certificate issuer is not recognized.
). Please run ipa-cacert-manage install and ipa-certupdate to install the CA certificate.
ipapython.admintool: ERROR: The ipa-server-certinstall command failed.
How to fix it?
Can anybody help me? )))
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
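
An added example, not part of the original thread and not FreeIPA's own code: a shell pre-flight check that a server certificate's issuer is present in a CA bundle before ipa-server-certinstall is run, which is the condition that failed in the log above. It uses openssl rather than the certutil call shown in the debug output; the throwaway certificates, file names and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: pre-flight chain check before ipa-server-certinstall.
# All certificates below are constructed throwaway test material.

# chain_trusted BUNDLE CERT: exit 0 if CERT verifies against BUNDLE.
# -no-CApath: do not also search openssl's default CA directory.
chain_trusted() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# preflight BUNDLE CERT: print a verdict, return 0 (trusted) or 1 (not).
preflight() {
    if chain_trusted "$1" "$2"; then
        echo "OK: issuer of $2 found in $1"
    else
        echo "FAIL: $(openssl x509 -noout -issuer -in "$2") not in $1;" \
             "run ipa-cacert-manage install, then ipa-certupdate"
        return 1
    fi
}

# make_sample_pki DIR: build a constructed PKI in DIR.
#   ca.pem     issuing CA         leaf.pem  server cert signed by ca.pem
#   other.pem  unrelated CA, standing in for a bundle that lacks the issuer
make_sample_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Issuing CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Unrelated CA" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) && make_sample_pki "$tmp" || return 2
    preflight "$tmp/other.pem" "$tmp/leaf.pem" || true   # issuer missing
    rc=0
    preflight "$tmp/ca.pem" "$tmp/leaf.pem" || rc=$?     # issuer present
    rm -rf "$tmp"
    return $rc
}
demo
```

On an IPA server the bundle to test against would be the one ipa-certupdate refreshes, assumed here to be /etc/ipa/ca.crt.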