Hi! I use freeipa-server 4.7.0~pre1+git20180411-2ubuntu2 on Ubuntu 18.04.4 LTS
I installed freeipa-serve in default mode ( ipa-server-install ) Now i try change certificate on Comodo as write in this article https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP my steps: 1 ipa-cacert-manage -p 'password' -n COMODO -t C,, install addtrustexternalcaroot2.crt Installing CA certificate, please wait CA certificate successfully installed The ipa-cacert-manage command was successful 2 ipa-server-certinstall -w -d /home/xattab/ldap_comodo.key ldap_comodo.pem -vvv get error ipapython.ipautil: DEBUG: stderr= ipapython.ipautil: DEBUG: Starting external process ipapython.ipautil: DEBUG: args=['/usr/bin/certutil', '-d', 'dbm:/tmp/tmpPsRUhs', '-V', '-n', 'CN=ldap.soft2bet.com', '-u', 'V', '-f', '/tmp/tmpPsRUhs/pwdfile.txt'] ipapython.ipautil: DEBUG: Process finished, return code=255 ipapython.ipautil: DEBUG: stdout=certutil: certificate is invalid: Peer's Certificate issuer is not recognized. ipapython.ipautil: DEBUG: stderr= ipapython.admintool: DEBUG: File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 174, in execute return_value = self.run() File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py", line 113, in run self.install_dirsrv_cert() File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py", line 139, in install_dirsrv_cert 'restart_dirsrv %s' % serverid) File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py", line 291, in import_cert self.check_chain(pkcs12_file.name, pin, cdb) File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py", line 277, in check_chain "to install the CA certificate." % str(e)) ipapython.admintool: DEBUG: The ipa-server-certinstall command failed, exception: ScriptError: Peer's certificate issuer is not trusted (certutil: certificate is invalid: Peer's Certificate issuer is not recognized. ). Please run ipa-cacert-manage install and ipa-certupdate to install the CA certificate. ipapython.admintool: ERROR: Peer's certificate issuer is not trusted (certutil: certificate is invalid: Peer's Certificate issuer is not recognized. ). Please run ipa-cacert-manage install and ipa-certupdate to install the CA certificate. ipapython.admintool: ERROR: The ipa-server-certinstall command failed. How to fix it ? Can anybody help me ))) ? _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
