On 02/14/2017 02:54 PM, Matt . wrote:
Certs are valid, I will check what you mentioned.

I'm also no fan of bundles, more the separate files but this doesn't
seem to work always. At least for the CAroot a bundle was required.

Hi Matt,

If your certificate was provided by an intermediate CA, you need to add each CA before running ipa-server-certinstall (start from the top-level CA with ipa-cacert-manage install, then run ipa-certupdate, then the intermediate CA with ipa-cacert-manage install, then ipa-certupdate, etc.).

There is also a known issue with ipa-certupdate and SELinux in enforcing mode (https://bugzilla.redhat.com/show_bug.cgi?id=1349024).

Flo.

Matt

2017-02-14 14:51 GMT+01:00 Sullivan, Daniel [CRI] <dsulliv...@bsd.uchicago.edu>:
Have you validated the cert (and dumped the contents) from the command line 
using the openssl tools?  I’ve seen the message you are seeing before, for some 
reason I seem to remember that it has to do with either a missing or an extra - 
at either the -----BEGIN CERTIFICATE---- or -----END CERTIFICATE---- (an error 
from copy and pasting and not copying the actual file).

I’ve never used certupdate so if what is described above doesn’t help somebody 
else will have to chime in.

Dan

On Feb 14, 2017, at 2:18 AM, Matt . <yamakasi....@gmail.com> wrote:

Hi Dan,

Yes, I have tried that and I get the message that it misses the full
chain for the certificate.

My issue is more, why is the Server-Cert being removed on a certupdate ?

Cheers,

Matt

2017-02-14 2:18 GMT+01:00 Sullivan, Daniel [CRI] <dsulliv...@bsd.uchicago.edu>:
Is the chain in mydomain_com_bundle.crt?  Have you tried it with the cert only 
(disclaimer: I’ve never done this).

Dan

On Feb 13, 2017, at 4:08 PM, Matt . <yamakasi....@gmail.com> wrote:

Hi Guys,

I'm trying to install a 3rd party certificate using:

http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP#Procedure_in_current_IPA

When I run the install command for the certificate itself:

]# ipa-server-certinstall -w -d mydomain_com.key mydomain_com_bundle.crt
Directory Manager password:

Enter private key unlock password:

list index out of range
The ipa-server-certinstall command failed.


If I do a #ipa-certupdate the Server-Cert is removed from
/etc/httpd/alias and the install fails because of this.

What can I do to solve this ?

Thanks,

Matt

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
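
The two checks raised in this thread (PEM marker damage from copy and paste, and installing CAs from the top of the chain down) can be sketched as the following added example, which is not part of any message above and not FreeIPA's own code. The function names, the cert-N.pem file naming and the sample bundle are assumptions made for illustration, and the bundle is assumed to list the server certificate first and the root CA last.

```sh
# Added example, not from the thread. No ipa-* command is executed here;
# plan_install only prints the commands for review.

# Report BEGIN/END CERTIFICATE lines not framed by exactly five dashes on
# each side (the copy-and-paste damage Dan describes); status 1 if any.
check_pem_framing() {
    awk '/(BEGIN|END) CERTIFICATE/ {
             sub(/\r$/, "")
             if ($0 !~ /^-----(BEGIN|END) CERTIFICATE-----$/) {
                 printf "line %d: malformed marker: %s\n", NR, $0; bad = 1 }
         }
         END { exit bad + 0 }' "$1"
}

# Write each certificate of bundle $1 to $2/cert-N.pem; print the count.
split_bundle() {
    awk -v dir="$2" '
        /^-----BEGIN CERTIFICATE-----/ { out = sprintf("%s/cert-%d.pem", dir, ++n) }
        out != ""                      { sub(/\r$/, ""); print > out }
        /^-----END CERTIFICATE-----/   { close(out); out = "" }
        END                            { print n + 0 }' "$1"
}

# Print Flo's order: top-level CA first, ipa-certupdate after each CA, server
# certificate last. ASSUMPTION: the bundle lists the server certificate first
# and the root CA last; check each cert-N.pem with
# `openssl x509 -noout -subject -issuer -in FILE` before relying on it.
plan_install() {   # $1 bundle, $2 output dir, $3 private key file
    n=$(split_bundle "$1" "$2"); i=$n
    while [ "$i" -ge 2 ]; do
        echo "ipa-cacert-manage install $2/cert-$i.pem"
        echo "ipa-certupdate"
        i=$((i - 1))
    done
    if [ "$n" -ge 1 ]; then echo "ipa-server-certinstall -w -d $3 $2/cert-1.pem"; fi
}

# Constructed sample: three placeholder bodies, not real certificates.
write_sample_bundle() {
    for body in c2VydmVy aW50ZXJtZWRpYXRl cm9vdA==; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----'
    done > "$1"
}

demo_dir=$(mktemp -d)
write_sample_bundle "$demo_dir/bundle.crt"
if check_pem_framing "$demo_dir/bundle.crt"; then
    plan_install "$demo_dir/bundle.crt" "$demo_dir" mydomain_com.key
fi
```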



