Hi ! After you advice i did this : # kinit admin # ipa ping IPA server version 4.6.90.pre1+git20180411. API version 2.229 # ipa-cacert-manage -p 'Q*password' -n COMODO -t C,, install /home/addtrustexternalcaroot2.crt Installing CA certificate, please wait CA certificate successfully installed The ipa-cacert-manage command was successful
# ipa-certupdate ipaplatform.redhat.tasks: INFO: Systemwide CA database updated. ipalib.backend: DEBUG: Destroyed connection context.rpcclient_140600762419792 ipapython.admintool: INFO: The ipa-certupdate command was successful # ipa-server-certinstall -w -d /home/ldap_soft2bet_com.key /home/ldap_comodo.pem ipapython.admintool: DEBUG: The ipa-server-certinstall command failed, exception: ScriptError: Peer's certificate issuer is not trusted (certutil: certificate is invalid: Peer's Certificate issuer is not recognized. ). Please run ipa-cacert-manage install and ipa-certupdate to install the CA certificate. ipapython.admintool: ERROR: Peer's certificate issuer is not trusted (certutil: certificate is invalid: Peer's Certificate issuer is not recognized. ). Please run ipa-cacert-manage install and ipa-certupdate to install the CA certificate. ipapython.admintool: ERROR: The ipa-server-certinstall command failed. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org