OK Thanks a lot for the solution and for the advice.
2012/9/19 Rob Crittenden <rcrit...@redhat.com>

> James James wrote:
>
>> Hi,
>>
>> I have followed this
>> http://freeipa.org/page/Certificate_Authority#Using_Certificates_From_a_Different_CA
>> and everything works well.
>>
>> Now when, from the console, I execute
>>
>> $ ipa user-find
>>
>> I've got
>>
>> [root@ipa ipa]# ipa user-find
>> ipa: ERROR: cert validation failed for "E=certus...@example.com,CN=ipa.example.com,OU=TEST,O=TEST,C=FR"
>> ((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.)
>> ipa: ERROR: cannot connect to u'http://ipa.lix.example.com/ipa/xml':
>> [Errno -8172] (SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.
>>
>> Any help will be very appreciated ..
>
> You need to add the CA certificate to /etc/pki/nssdb on the client and
> mark it as trusted.
>
> Note that installing certificates from another CA is not recommended and
> you may run into further corner cases. If you have an existing CA then
> installing the IPA dogtag CA as a subordinate is a better long-term
> solution.
>
> rob
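An added example, not part of the original thread: a shell check that reads a `certutil -L` listing of the client's NSS database and reports whether a CA nickname carries the `C` SSL trust flag, which is what "mark it as trusted" in the reply amounts to. The nicknames, the sample listing and both function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Verifies that a CA in an NSS database
# listing is trusted to issue SSL server certificates ("C" in the SSL column).

# Constructed sample of `certutil -L -d /etc/pki/nssdb` output; nicknames are hypothetical.
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

TEST External CA                                             CT,C,C
Old Imported CA                                              ,,
ipa.example.com                                              u,u,u
'

# ssl_trust_flags LISTING NICKNAME -> prints the SSL trust field; status 1 if nickname absent
ssl_trust_flags() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {      # rows ending in a trust triple
            flags = $NF
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)      # drop the trust column
            sub(/^[ \t]+/, "", nick)                   # nicknames may contain spaces
            if (nick == want) { split(flags, f, ","); print f[1]; found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# ca_trusted_for_ssl LISTING NICKNAME -> 0 trusted, 1 present but not trusted, 2 missing
ca_trusted_for_ssl() {
    flags=$(ssl_trust_flags "$1" "$2") || return 2
    case "$flags" in
        *C*) return 0 ;;   # trusted CA for server certificates
        *)   return 1 ;;   # imported without SSL trust: issuer is not trusted
    esac
}

# On a real client, feed it the live listing instead of the sample:
#   ca_trusted_for_ssl "$(certutil -L -d /etc/pki/nssdb)" "TEST External CA"
# and, if it is missing or untrusted, import the CA with SSL trust:
#   certutil -A -d /etc/pki/nssdb -n "TEST External CA" -t "CT,C,C" -a -i ca.crt
for n in "TEST External CA" "Old Imported CA"; do
    if ca_trusted_for_ssl "$SAMPLE_LISTING" "$n"; then
        echo "$n: trusted for SSL"
    else
        echo "$n: NOT trusted for SSL"
    fi
done
```

Return code 1 (present but untrusted) is the case worth alerting on after an import, since the certificate appears in the listing yet server validation still fails.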