I found the reason for the failure of the installation. The script uses a NSS db locate under /tmp:
------------------------------------------------------------------------------- Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI ipa-ca-agent u,u,u Certificate Authority - dbmsrl.com ,,c D.B.M. CA - dbmsrl.com c,c, testnick P,, ------------------------------------------------------------------------------- The trust attributes are strange (not trusted) and the chain is broken: ------------------------------------------------------------------------------- [root@dbm13 cert]# certutil -d [temp db] -O -n "Certificate Authority - dbmsrl.com" "D.B.M. CA - dbmsrl.com" [O=dbmsrl.com,OU=office,OU=services,CN=D.B.M. CA] "Certificate Authority - dbmsrl.com" [CN=Certificate Authority,O=DBMSRL.COM] [root@dbm13 cert]# certutil -d [temp db] -O -n "ipa-ca-agent" "ipa-ca-agent" [CN=ipa-ca-agent,O=DBMSRL.COM] ------------------------------------------------------------------------------- I try to export all the certificates in PEM format, if i check the signature with openssl all work perfectly... The chain is valid, but NSS don't see it for "ipa-ca-agent" certificate. (sslget return "SSL_ERROR_UNKNOWN_CA_ALERT" when the script try to use this certificate.) Now i know what is the problem, but i don't know how fix it XD Can anyone help me? Thank you _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users