Andrea Bontempi wrote:
-12195 is SSL_ERROR_UNKNOWN_CA_ALERT in NSS.
I wonder if the root chain you gave to the IPA installer was complete.
I work with PEM file format, in the sub-ca certificate there aren't chains (but
isn't a problem if i use a self-generated CA).
(Moreover, the script has all the chain, the root certificate and the FreeIPA's
certificate, so it's strange.)
I try to add the chain follow this rule:
http://www.digicert.com/ssl-support/pem-ssl-creation.htm, but the script crash
(does't seem to support this method)
I fear it's a problem of my CA, but i have no idea what goes wrong.
Can you provide the logs from the failed install?
/var/log/ipaserver-install.log for sure, we may need the debug log from
the CA eventually too.
Freeipa-users mailing list