> On 11/30/2017 08:24 AM, Andrew Radygin via FreeIPA-users wrote:
> Hi,
> 
> the ca certs need to be added from the root to the one that issued the 
> server cert:
> 1/ ipa-cacert-manage install root.crt + ipa-certupdate
> 2/ ipa-cacert-manage install inter1.crt + ipa-certupdate
> 3/ ipa-cacert-manage install inter2.crt + ipa-certupdate
> 4/ ipa-server-certinstall -w main.crt + restart http service
> 
> After step 3, you can check that all the CA certs have been added to 
> /etc/httpd/alias with
> $ certutil -L -d /etc/httpd/alias
> 
> HTH,
> Flo

Florence, I've already added the certs, but probably in the wrong order, and now if 
I try to add the same ones in the order you pointed out, they aren't added, even 
with other nicknames (without any error, they just don't show up in certutil -L).
Maybe it's better to delete all the new CA certs from the databases and repeat adding 
them in the right order?
How can I delete those certs?
I suppose via certutil, but from what directories and databases should I do 
that?
I tried something like this:
certutil -D -d /etc/httpd/alias -n "Nickname"
but after ipa-certupdate they show up again.

By the way, how can I include my private key in ipa-server-certinstall?
Is it just
 # ipa-server-certinstall -w comodo.crt comodo.key
?

Also, if I try to install a file with only the main domain cert (without the 
chain), the command results in an error:

# ipa-server-certinstall -w comodo_base.crt comodo.key 
Directory Manager password: 

Enter private key unlock password: 

The full certificate chain is not present in comodo_base.crt, comodo.key
The ipa-server-certinstall command failed.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
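
Added example, not part of the thread and not FreeIPA code: a dry-run helper that sorts certificate files root-first by matching subject and issuer names, prints the install commands from the quoted steps without running them, and reports a missing link in the chain. The function names `describe` and `plan` and the sample names are assumptions; matching on names is a simplification of real path validation.

```shell
#!/bin/sh
# Added example: prints an install plan, never runs the ipa-* commands.

# describe FILE...: emit "file<TAB>subject<TAB>issuer" for each PEM certificate.
describe() {
    for f in "$@"; do
        s=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
        i=$(openssl x509 -in "$f" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
        printf '%s\t%s\t%s\n' "$f" "$s" "$i"
    done
}

# plan LEAF: read describe-format lines on stdin, follow issuer links from
# LEAF up to a self-signed root, then print the commands root-first.
# Exit status 1 means a link is missing, 2 means LEAF is not in the input.
plan() {
    awk -F '\t' -v leaf="$1" '
        { subj[$1] = $2; iss[$1] = $3; file[$2] = $1 }
        END {
            if (!(leaf in subj)) {
                print ("error: " leaf " not in input") > "/dev/stderr"; exit 2
            }
            cur = leaf; n = 0
            while (subj[cur] != iss[cur]) {          # stop at the self-signed root
                if (!(iss[cur] in file)) {
                    print ("error: no file for issuer " iss[cur]) > "/dev/stderr"
                    exit 1
                }
                cur = file[iss[cur]]
                if (++n > NR) { print "error: issuer loop" > "/dev/stderr"; exit 1 }
                chain[n] = cur                       # collected leaf-to-root
            }
            for (k = n; k >= 1; k--)                 # printed root-to-leaf
                print "ipa-cacert-manage install " chain[k] " && ipa-certupdate"
            print "ipa-server-certinstall -w " leaf
        }'
}

# Constructed sample (names only, deliberately out of order).
# With real files: describe *.crt | plan main.crt
printf '%s\t%s\t%s\n' \
    inter2.crt CN=Inter2 CN=Inter1 \
    main.crt CN=ipa.example.test CN=Inter2 \
    root.crt CN=Root CN=Root \
    inter1.crt CN=Inter1 CN=Root | plan main.crt
```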
