Hi, I’ve been suffering from the same problem. I applied ipa-server-certinstall 
without adding the CA first. 
I applied your steps and added my ca.crt to /etc/ipa/ca.crt and /etc/ipa/nssdb 
with certutil; after that I ran ipa-certupdate and it still fails. 

[root@xxx ~]# certutil -d sql:/etc/ipa/nssdb/ -L

Certificate Nickname                                         Trust Attributes
                                                            SSL,S/MIME,JAR/XPI

Xxx IPA CA                                                 CT,C,C
globalsign                                                   CT,C,C

After this I ran ipa-certupdate and it says 

cannot connect to 'any of the configured servers’: …. (List of my ipaservers 
goes here)
The ipa-certupdate command failed.

Should I do this process for all servers, or am I missing something? Related to 
this problem, I am having a login failure at the web UI. Would it work if I 
created a new db and added my GlobalSign CA there? Do I need the self-signed 
IPA CA?

PS: I'm running FreeIPA on RHEL 8

Thanks.