Michael Gregg wrote: > > I was trying to join my rhel 5 client to a rhel 7 domain, and getting > the following error: > > [root@oracle ~]# ipa-client-install -p admin -w <pw> -U > root : ERROR LDAP Error: Connect error: error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed > root : ERROR LDAP Error: Connect error: error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed > Unable to find IPA Server to join > Installation failed. Rolling back changes. > IPA client is not configured on this system. > > Tried to verify the cert with this: > > openssl s_client -host iota.testrelm.test -port 443 -CAfile /etc/ipa/ca.crt > > This came up with this error code: > > Verify return code: 9 (certificate is not yet valid) > > After syncing the clock, everything worked al-right. I tried googling > around a bit, but I couldn't find any specific articles about this problem. > > Does this sound like a troubleshooting and repair step that is > documented somewhere already?
I don't recall any documentation on this. The time should be synchronized before that happens. Can you send me the full ipaclient-install.log? rob _______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel