You need to install the ca chain on the client.

If the error you get is from openldap on the client, you need to install the CA 
certificates manually in /etc/openldap/cacerts.

Bjarne Blichfeldt.

-----Original Message-----
From: Per Qvindesland [] 
Sent: 29. juli 2017 12:10
To: FreeIPA users list <>
Subject: [Freeipa-users] Custom certificate

Hi All

I installed a custom signed certificate from quovadis, the install on the ipa 
server wen’t fine but when I try to add a client (centos 6) it gives error:
LDAP Error: Connect error: TLS error -8172:Peer's certificate issuer has been 
marked as not trusted by the user.

The standard google searching doesn’t give any answers from what I can see.

Is there any workaround for this?


FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to