dmitriys via FreeIPA-users wrote: > Hi! > I rebuild my server now I use Centos 8 > I installed freeipa : > # ipa-server-install > and try to change self sign certificate on Comodo. > My steps: > - get root CA from gogetssl.com > - ipa-cacert-manage -p password -n ARAX -t C,, install /root/ca.crt > - ipa-certupdate > - ipa-server-certinstall -w -d /root/httpd_arax.key /root/httpd_arax.crt > and here i get an error > Directory Manager password: > > Enter private key unlock password: > > Peer's certificate issuer is not trusted (certutil: certificate is invalid: > Peer's Certificate issuer is not recognized. > ). Please run ipa-cacert-manage install and ipa-certupdate to install the CA > certificate. > The ipa-server-certinstall command failed. > > How i can fix it ?
You need the entire CA chain and not just the root. You're likely missing one or more subordinates. Find those and install them the same way using ipa-cacert-manage. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
