Adrian HY wrote:
> Ho Rob, same problem; 
> 
>  ipa-cacert-manage -n "Godaddy" -t CT,C,C install gd_bundle-g2-g1.crt  -v
> 
> ipa: DEBUG: Starting external process
> ipa: DEBUG: args=/usr/bin/certutil -d /tmp/tmpp31Uuq -N -f /tmp/tmp4TnBRN
> ipa: DEBUG: Process finished, return code=0
> ipa: DEBUG: stdout=
> ipa: DEBUG: stderr=
> ipa: DEBUG: Starting external process
> ipa: DEBUG: args=/usr/bin/certutil -d /tmp/tmpp31Uuq -A -n Godaddy -t C,,
> ipa: DEBUG: Process finished, return code=0
> ipa: DEBUG: stdout=
> ipa: DEBUG: stderr=
> ipa: DEBUG: Starting external process
> ipa: DEBUG: args=/usr/bin/certutil -d /tmp/tmpp31Uuq -A -n TEST.IPA.US
> <http://TEST.IPA.US> IPA CA -t CT,C,C
> ipa: DEBUG: Process finished, return code=0
> ipa: DEBUG: stdout=
> ipa: DEBUG: stderr=
> ipa.ipaserver.plugins.ldap2.ldap2: DEBUG: Destroyed connection
> context.ldap2_69179024
> ipa.ipaserver.install.ipa_cacert_manage.CACertManage: DEBUG:   File
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in
> execute
>     return_value = self.run()
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_cacert_manage.py",
> line 113, in run
>     rc = self.install()
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_cacert_manage.py",
> line 356, in install
>     "troubleshooting guide)" % e)
> 
> ipa.ipaserver.install.ipa_cacert_manage.CACertManage: DEBUG: The
> ipa-cacert-manage command failed, exception: ScriptError: Not a valid CA
> certificate: (SEC_ERROR_UNKNOWN_ISSUER) Peer's Certificate issuer is not
> recognized. (visit http://www.freeipa.org/page/Troubleshooting for
> troubleshooting guide)
> ipa.ipaserver.install.ipa_cacert_manage.CACertManage: ERROR: Not a valid
> CA certificate: (SEC_ERROR_UNKNOWN_ISSUER) Peer's Certificate issuer is
> not recognized. (visit http://www.freeipa.org/page/Troubleshooting for
> troubleshooting guide)
> ipa.ipaserver.install.ipa_cacert_manage.CACertManage: ERROR: The
> ipa-cacert-manage command failed.

You may need to break the bundle into discrete files if there are
multiple certificates in it.

rob

> 
> 
> On 11 August 2017 at 11:47, Rob Crittenden <rcrit...@redhat.com
> <mailto:rcrit...@redhat.com>> wrote:
> 
>     Adrian HY via FreeIPA-users wrote:
>     > Hi, I need to incorporate a godaddy certificate in freeipa.
>     >
>     > I have three files: 4dfc653ab0cf823d.crt, gd_bundle-g2-g1.crt and 
> mykey.key.
>     >
>     > When I run the command * ipa-cacert-manage -n "Godaddy" -t CT,C,C
>     > install cert.pem*  the output is
>     >
>     > ipa.ipaserver.install.ipa_cacert_manage.CACertManage: DEBUG: The
>     > ipa-cacert-manage command failed, exception: ScriptError: Not a valid CA
>     > certificate: not a CA certificate (visit
>     > http://www.freeipa.org/page/Troubleshooting
>     <http://www.freeipa.org/page/Troubleshooting> for troubleshooting guide)
>     > ipa.ipaserver.install.ipa_cacert_manage.CACertManage: ERROR: Not a valid
>     > CA certificate: not a CA certificate
> 
>     So you mention three files you have and your command references none of
>     them...
> 
>     You want to pass gd_bundle-g2-g1.crt.
> 
>     rob
> 
> 
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to