> On 11/30/2017 08:24 AM, Andrew Radygin via FreeIPA-users wrote:
> Hi,
> the ca certs need to be added from the root to the one that issued the 
> server cert:
> 1/ ipa-cacert-manage install root.crt + ipa-certupdate
> 2/ ipa-cacert-manage install inter1.crt + ipa-certupdate
> 3/ ipa-cacert-manage install inter2.crt + ipa-certupdate
> 4/ ipa-server-certinstall -w main.crt + restart http service
> After step3, you can check that all the CA certs have been added to 
> /etc/httpd/alias with
> $ certutil -L -d /etc/httdp/alias
> HTH,
> Flo

Florence, I'm already added certs, but probably with wrong order, and now if 
I'm trying to add the same but in order you pointed, they aren't adding, even 
with another nicknames (with out any error, just don't showing in certutil -L).
Maybe it's better to delete all new CA certs from databases and repeat adding 
with right order?
How can I delete those certs?
I suppose via certutil, but from what directories and databases should I do 
I tried something like that:
certutil -D -d /etc/httdp/alias -n "Nickname"
but after ipa-certupdate they show up again.

By the way, how can I include my private key to ipa-server-certinstall?
Is it just
 # ipa-server-certinstall -w comodo.crt comodo.key

Also, if I'm trying to install file with only main domain cert (with out 
chain), command resulting in error:

# ipa-server-certinstall -w comodo_base.crt comodo.key 
Directory Manager password: 

Enter private key unlock password: 

The full certificate chain is not present in comodo_base.crt, comodo.key
The ipa-server-certinstall command failed.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to