On 11/07/2013 08:34 AM, William Leese wrote:


        [root@vagrant-centos-6 CA]# cat /root/server.pem
        Certificate:
              Data:
                  Version: 3 (0x2)
                  Serial Number: 2 (0x2)
                  Signature Algorithm: sha1WithRSAEncryption
                  Issuer: C=JP, ST=TK, L=TKK, O=MW, OU=ops,
        CN=vagrant.localdomain/__emailAddress=t...@t.com <mailto:t...@t.com>
        <mailto:t...@t.com <mailto:t...@t.com>>

                  Validity
                      Not Before: Nov  6 05:12:09 2013 GMT
                      Not After : Nov  6 05:12:09 2014 GMT
                  Subject: O=MELTWATER.COM <http://MELTWATER.COM>
        <http://MELTWATER.COM>, CN=Certificate

        Authority
        [snip]
        -----BEGIN CERTIFICATE-----
        MIIDfDCCAmSgAwIBAgIBAjANBgkqhk__iG9w0BAQUFADB5MQswCQYDVQQGEwJK__UDEL
        MAkGA1UECAwCVEsxDDAKBgNVBAcMA1__RLSzELMAkGA1UECgwCTVcxDDAKBgNV__BAsM
        A29wczEcMBoGA1UEAwwTdmFncmFudC__5sb2NhbGRvbWFpbjEWMBQGCSqGSIb3__DQEJ
        [snip]


    Try removing everything before the -----BEGIN CERTIFICATE----- line
    from the PEM.

Well that was unexpected: removing the BEGIN Certificate / End lines now
makes the install proceed up until:

The log file for this installation can be found in
/var/log/ipaserver-install.log
The PKCS#10 certificate is not signed by the external CA (unknown issuer
E=x...@x.com 
<mailto:x...@x.com>,CN=vagrant-centos-6,OU=JP,O=JP,L=JP,ST=JP,C=JP).

Can you please post more (all) of /var/lig/ipaserver-install.log? We need to know where exactly the issue is occuring and what the traceback is.

Do I need to do anything to make my freshly created internal CA trusted
for the installation? I've tried the usual magic in /etc/pki/tls/certs,
but to no avail.

No, --external_ca_file should have been enough.

--
PetrĀ³

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to