Hello,
I have run the tool on an environment where I've installed my own certificate
for HTTPS (following this tutorial:
https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP), and it
complains when find the root certificate of my certificate:
# python2 ipa-checkcerts.py
ipa: INFO: IPA version 4.6.4-10.el7
IPA version 4.6.4-10.el7
ipa: INFO: Check CA status
Check CA status
ipa: INFO: Check tracking
Check tracking
ipa: INFO: Check NSS trust
Check NSS trust
Traceback (most recent call last):
File "ipa-checkcerts.py", line 931, in <module>
sys.exit(c.run())
File "ipa-checkcerts.py", line 190, in run
self.check_trust()
File "ipa-checkcerts.py", line 439, in check_trust
expected = expected_trust[nickname]
KeyError: 'ICC-root'
Is this normal?
Because I have tried to add a RHEL 6 client and I get the error:
" Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=IPA.TESTAD.LOCAL
Issuer: CN=Certificate Authority,O=IPA.TESTAD.LOCAL
Valid From: Mon Jan 30 10:52:18 2017 UTC
Valid Until: Fri Jan 30 10:52:18 2037 UTC
Joining realm failed: libcurl failed to execute the HTTP POST transaction.
Peer certificate cannot be authenticated with known CA certificates"
Thanks & Regards.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
