Hello!

Guys, I had set up FreeIPA 4.5 on Centos 7 with self-signed SSL cert.
Now I want to install my main wildcard cert (from Comodo CA) for domain where 
IPA-server located, just for web-service, so web browsers won't complain to 
users about ssl.
As expected - when I'm trying to do:

# ipa-server-certinstall -w comodo.crt comodo.key

I'm getting:

Peer's certificate issuer is not trusted ((SEC_ERROR_UNKNOWN_ISSUER) Peer's 
Certificate issuer is not recognized.). Please run ipa-cacert-manage install 
and ipa-certupdate to install the CA certificate.
The ipa-server-certinstall command failed.

I've found on 
https://support.comodo.com/index.php?/comodo/Knowledgebase/Article/View/979/108/domain-validation-sha-2
all CA certs for Comodo and set them up via

# ipa-cacert-manage -p DM_PASSWORD -n NICKNAME -t C,, install ca.crt
# ipa-certupdate

As pointed on 
https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP

But nontheless, when I'm trying after it - ipa-server-certinstall, I get above 
error anyway.

I'm starting to go crazy with it and don't know what should I do to solve this 
:(
Help me please!
Thank you.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to