Harald,

Maybe in the LDAP certificate container you already have the same certificate you're trying to install, but it has another key or is untrusted? Then try to delete it via ldapdelete and certutil -d, and then try again to install the new one.

2017-12-07 17:20 GMT+03:00 Harald Dunkel via FreeIPA-users <freeipa-users@lists.fedorahosted.org>:

> On 12/7/17 2:53 PM, Florence Blanc-Renaud wrote:
>
>> Hi,
>>
>> if you run:
>>
>> ipa-cacert-manage install -t C,, <rootcert>
>> ipa-certupdate
>>
>> then the new root certificate will be installed in all the required NSS
>> databases. Do not forget to run ipa-certupdate on all the FreeIPA machines.
>
> This did not work:
>
> [root@ipa1 ~]# ipa-cacert-manage install -t C,, pki2/root-ca.crt
> Installing CA certificate, please wait
> Not a valid CA certificate: (SEC_ERROR_UNTRUSTED_ISSUER) Peer's
> certificate issuer has been marked as not trusted by the user. (visit
> http://www.freeipa.org/page/Troubleshooting for troubleshooting guide)
> The ipa-cacert-manage command failed.
>
> Regards
> Harri
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

--
Best regards, Andrew.
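A way to check the "already present but untrusted" hypothesis from the reply above before deleting anything, as an added example that is not part of the original thread: it reads `certutil -L -d <nssdb>` output and lists entries whose SSL trust field could not back the `C,,` trust being installed. The function names and the sample listing are constructed for illustration; the flag reading (`C`/`T` trusted CA, `u` key present, `p` prohibited) is taken from certutil's own usage text.

```shell
#!/bin/sh
# Added example, not from the thread. Feed it a real listing with:
#   certutil -L -d <nssdb> | list_untrusted_ca_entries

# Print "nickname<TAB>flags<TAB>reason" for every entry whose SSL trust
# field is explicitly distrusted (p) or carries no CA trust at all.
list_untrusted_ca_entries() {
    awk '
        # Data rows end in three comma-separated flag groups, e.g. "CT,C,C".
        # The header row ("SSL,S/MIME,JAR/XPI") contains "/" and is skipped.
        $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            flags = $NF
            split(flags, f, ",")
            ssl = f[1]                          # first group = SSL trust
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)  # drop the flags column
            sub(/^[ \t]+/, "", nick)
            if (ssl ~ /p/)
                print nick "\t" flags "\tprohibited"
            else if (ssl !~ /[CTu]/)            # no CA trust, no private key
                print nick "\t" flags "\tno-ca-trust"
        }
    '
}

# Constructed sample in the layout certutil -L prints (nicknames invented).
sample_listing() {
    cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

EXAMPLE.TEST IPA CA                                          CT,C,C
Server-Cert                                                  u,u,u
Old Root CA                                                  ,,
Blocked Root CA                                              p,p,p
EOF
}

sample_listing | list_untrusted_ca_entries
```

An entry reported here is only a candidate for the conflict Andrew describes; compare its fingerprint with the certificate being installed before removing it.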