On 08/28/2017 04:00 PM, Rob Morin via FreeIPA-users wrote:
Hello all...

So i have a wildcard cert from geotrust.
I am running freeipa V4.4 fresh install no users yet
I downloaded and installed their  GeoTrust Primary Certification Authority root 
cert from here  --> https://www.geotrust.com/resources/root-certificates/
I ran this command to import it...

ipa-cacert-manage -p password -n httpcrt -t C,, install root_ca.crt

I get back this ;

Installing CA certificate, please wait
CA certificate successfully installed
The ipa-cacert-manage command was successful
Then i go to install just the http cert for freeipa as dictated by company 
policy

Then I run this...

ipa-certupdate

Then i go to add the cert like this...

ipa-server-certinstall -w star_domain_com.key star_domain_com.crt
Directory Manager password:
Enter private key unlock password:

I get this back....

The full certificate chain is not present in star_domain_com.key, 
star_domain_com.crt
The ipa-server-certinstall command failed.

So I combined the bundle and cert into one file, still a no go , i tried bot 
ways cert first then bundle, and bundle first then cert, still a no go.
Any ideas?

Thanks..
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Hi,

is your http cert directly signed by the CA root_ca.crt, or does the cert chain contain additional certificates? In the latter case, you need to add each intermediate certificate with ipa-cacert-manage + ipa-certupdate before running ipa-server-certinstall.

HTH,
Flo
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to