> [root@vagrant-centos-6 CA]# cat /root/server.pem
>> Certificate:
>>      Data:
>>          Version: 3 (0x2)
>>          Serial Number: 2 (0x2)
>>          Signature Algorithm: sha1WithRSAEncryption
>>          Issuer: C=JP, ST=TK, L=TKK, O=MW, OU=ops,
>> CN=vagrant.localdomain/emailAddress=t...@t.com <mailto:t...@t.com>
>>
>>          Validity
>>              Not Before: Nov  6 05:12:09 2013 GMT
>>              Not After : Nov  6 05:12:09 2014 GMT
>>          Subject: O=MELTWATER.COM <http://MELTWATER.COM>, CN=Certificate
>>
>> Authority
>> [snip]
>> -----BEGIN CERTIFICATE-----
>> MIIDfDCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADB5MQswCQYDVQQGEwJKUDEL
>> MAkGA1UECAwCVEsxDDAKBgNVBAcMA1RLSzELMAkGA1UECgwCTVcxDDAKBgNVBAsM
>> A29wczEcMBoGA1UEAwwTdmFncmFudC5sb2NhbGRvbWFpbjEWMBQGCSqGSIb3DQEJ
>> [snip]
>>
>
> Try removing everything before the -----BEGIN CERTIFICATE----- line from
> the PEM.

Well that was unexpected: removing the BEGIN Certificate / End lines now
makes the install proceed up until:

The log file for this installation can be found in
/var/log/ipaserver-install.log
The PKCS#10 certificate is not signed by the external CA (unknown issuer E=
x...@x.com,CN=vagrant-centos-6,OU=JP,O=JP,L=JP,ST=JP,C=JP).

Do I need to do anything to make my freshly created internal CA trusted for
the installation? I've tried the usual magic in /etc/pki/tls/certs, but to
no avail.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to