This is the verbose log, tried to convert them to p12 format (dont know it's right or not), still no luck.
http://fpaste.org/223608/88775143/raw/ Ref: http://www.redhat.com/archives/freeipa-users/2014-August/msg00338.html Any additional hints? On 05/19/2015 08:30 PM, Dewangga Bachrul Alam wrote: > Hello! > > I was build FreeIPA 4.1.4 on CentOS 7.1, the deployment was done, but > could I changes the HTTP and dirsv certificate? I have wildcard > certificate (thawte SSL CA - G2). It is compatible for FreeIPA (http and > dirsv)? > > I've tried to follow the instruction > https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP > but no luck. > > $ ipa-server-certinstall -wd mydomain.co.id.key \ > mydomain.co.id-bundled.crt > > Directory Manager password: > > Enter private key unlock password: > > The full certificate chain is not present in mydomain.co.id.key, > mydomain.co.id-bundled.crt > > FYI, mydomain.co.id-bundled.crt chain have SIGNED then INTERMEDIATE > certificate order. (2 chain) > > I've tried to bundling them using root certificate, still have no luck. > (3 chain, SIGNEDCERT, INTERMEDIATE, ROOTCERT). > > Any comments will be appreciated :) > Thanks > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project