James Roman wrote:
First off, thanks Rob for the direction on creating a certificate. After reading up on Mozilla's NSS, I think I've got a pretty fair grounding.

So I successfully generated a CSR and had it signed. I imported my certificate and CA chain into the NSS database and exported it to a PKCS12 cert. I am primarily concerned with using the public cert on the HTTP interface. However, when I go to import it using ipa-server-certificate, it chokes on the names in the CA certificate chain. (One of the certs uses a full website address for the name.) I can manually import each of the certificates in the CA chain using certutil on the /etc/httpd/alias directory.

What do you mean by choke? Do you have a Python backtrace or can you send me the ipaserver-install.log?

Will this work?
Are there any other configuration changes that I need to make the HTTP interface function properly (like changes in the nss.conf)? What about manually modifying the directory server (/etc/dirsrv/slapd-KRBDOMAIN)?

What distro are you using?


