James Roman wrote:
First off, thanks Rob for the direction on creating a certificate. After reading up on Mozilla's NSS, I think I've got a pretty fair grounding.So I successfully generated a CSR and had it signed. I imported my certificate and CA chain into the NSS database and exported it to a PKCS12 cert. I am primarily concerned with using the public cert on the HTTP interface. However, when I go to import it using ipa-server-certificate, it chokes on the names in the CA certificate chain. (One of the certs uses full website address for the name.) I can manually import each of the certificates in the CA chain using certutil on the /etc/httpd/alias directory.
What do you mean by choke? Do you have a python backtrace or can you send me the ipaserver-install.log?
Will this work?Are there any other configuration changes that I need to make the http interface function properly (like changes in the nss.conf)? What about manually modifying the directory server (/etc/dirsrv/slapd-KRBDOMAIN)?
What distro are you using? rob
Description: S/MIME Cryptographic Signature
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users