On 11/07/2013 08:34 AM, William Leese wrote:
[root@vagrant-centos-6 CA]# cat /root/server.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=JP, ST=TK, L=TKK, O=MW, OU=ops,
CN=vagrant.localdomain/[email protected] <mailto:[email protected]>
<mailto:[email protected] <mailto:[email protected]>>
Validity
Not Before: Nov 6 05:12:09 2013 GMT
Not After : Nov 6 05:12:09 2014 GMT
Subject: O=MELTWATER.COM <http://MELTWATER.COM>
<http://MELTWATER.COM>, CN=Certificate
Authority
[snip]
-----BEGIN CERTIFICATE-----
MIIDfDCCAmSgAwIBAgIBAjANBgkqhk__iG9w0BAQUFADB5MQswCQYDVQQGEwJK__UDEL
MAkGA1UECAwCVEsxDDAKBgNVBAcMA1__RLSzELMAkGA1UECgwCTVcxDDAKBgNV__BAsM
A29wczEcMBoGA1UEAwwTdmFncmFudC__5sb2NhbGRvbWFpbjEWMBQGCSqGSIb3__DQEJ
[snip]
Try removing everything before the -----BEGIN CERTIFICATE----- line
from the PEM.
Well that was unexpected: removing the BEGIN Certificate / End lines now
makes the install proceed up until:
The log file for this installation can be found in
/var/log/ipaserver-install.log
The PKCS#10 certificate is not signed by the external CA (unknown issuer
[email protected]
<mailto:[email protected]>,CN=vagrant-centos-6,OU=JP,O=JP,L=JP,ST=JP,C=JP).
Can you please post more (all) of /var/lig/ipaserver-install.log? We
need to know where exactly the issue is occuring and what the traceback is.
Do I need to do anything to make my freshly created internal CA trusted
for the installation? I've tried the usual magic in /etc/pki/tls/certs,
but to no avail.
No, --external_ca_file should have been enough.
--
PetrĀ³
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
