Thanks for heads up. You mean by the difference between "O=MW" and
Petr, is this possible? Can it be validated in the the installer if this is the
On 11/08/2013 01:55 AM, William Leese wrote:
> I was able to solve this by recreating my test CA. I believe the problem
> was with non-matching Organisation between the CSR and CA - but I dont have
> the knowledge to know if this is really required.
> Anyhow, things work, despite not having removed the "-----BEGIN
> CERTIFICATE-----" lines this time around.
> Thanks for the help and sorry for wasting your time!
> William Leese
> Production Engineer,
> Operations, Asia Pacific
> Meltwater Group
> m: +81 80 4946 0329
> skype: william.leese1
> w: meltwater.com
> This email and any attachment(s) is intended for and confidential to the
> addressee. If you are neither the addressee nor an authorized recipient for
> the addressee, please notify us of receipt, delete this message from your
> system and do not use, copy or disseminate the information in, or attached
> to it, in any way. Our messages are checked for viruses but please note
> that we do not accept liability for any viruses which may be transmitted in
> or with this message.
> On Thu, Nov 7, 2013 at 8:36 PM, Petr Viktorin <pvikt...@redhat.com> wrote:
>> On 11/07/2013 08:34 AM, William Leese wrote:
>>> [root@vagrant-centos-6 CA]# cat /root/server.pem
>>> Version: 3 (0x2)
>>> Serial Number: 2 (0x2)
>>> Signature Algorithm: sha1WithRSAEncryption
>>> Issuer: C=JP, ST=TK, L=TKK, O=MW, OU=ops,
>>> CN=vagrant.localdomain/__emailAddress=t...@t.com <mailto:t...@t.com>
>>> <mailto:t...@t.com <mailto:t...@t.com>>
>>> Not Before: Nov 6 05:12:09 2013 GMT
>>> Not After : Nov 6 05:12:09 2014 GMT
>>> Subject: O=MELTWATER.COM <http://MELTWATER.COM>
>>> <http://MELTWATER.COM>, CN=Certificate
>>> -----BEGIN CERTIFICATE-----
>>> Try removing everything before the -----BEGIN CERTIFICATE----- line
>>> from the PEM.
>>> Well that was unexpected: removing the BEGIN Certificate / End lines now
>>> makes the install proceed up until:
>>> The log file for this installation can be found in
>>> The PKCS#10 certificate is not signed by the external CA (unknown issuer
>>> E=x...@x.com <mailto:x...@x.com>,CN=vagrant-centos-6,OU=JP,O=JP,L=JP,ST=
>> Can you please post more (all) of /var/lig/ipaserver-install.log? We need
>> to know where exactly the issue is occuring and what the traceback is.
>> Do I need to do anything to make my freshly created internal CA trusted
>>> for the installation? I've tried the usual magic in /etc/pki/tls/certs,
>>> but to no avail.
>> No, --external_ca_file should have been enough.
> Freeipa-users mailing list
Freeipa-users mailing list