Michael Gregg wrote:
> 
> I was trying to join my rhel 5 client to a rhel 7 domain, and getting
> the following error:
> 
> [root@oracle ~]# ipa-client-install -p admin -w <pw> -U
> root        : ERROR    LDAP Error: Connect error: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> root        : ERROR    LDAP Error: Connect error: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Unable to find IPA Server to join
> Installation failed. Rolling back changes.
> IPA client is not configured on this system.
> 
> Tried to verify the cert with this:
> 
> openssl s_client -host iota.testrelm.test -port 443 -CAfile /etc/ipa/ca.crt
> 
> This came up with this error code:
> 
> Verify return code: 9 (certificate is not yet valid)
> 
> After syncing the clock, everything worked al-right. I tried googling
> around a bit, but I couldn't find any specific articles about this problem.
> 
> Does this sound like a troubleshooting and repair step that is
> documented somewhere already?

I don't recall any documentation on this. The time should be
synchronized before that happens. Can you send me the full
ipaclient-install.log?

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to