On Thu, Jan 05, 2012 at 10:38:11AM -0500, Rob Crittenden wrote:
> My first thought was that there was a CA trust issue. I believe that
> certmonger uses the NSS database where the certificate is stored so
> since it is also doing this against Apache (which in theory trust is
> ok for it to start at all) so I'm baffled. Hopefully the httpd logs
> will be enlightening.
The APIs it's using don't appear to let it do that, so unless there's
something going on under the covers, the IPA submission helper trusts
only the root certificate found in /etc/ipa/ca.crt.
Freeipa-users mailing list