On 11/08/2013 09:01 AM, Martin Kosek wrote:
Thanks for heads up. You mean by the difference between "O=MW" and

Petr, is this possible? Can it be validated in the the installer if this is the
root cause?

It is possible. It's hard to tell without the logs; looks like the failure was inside Dogtag. There may be more issues; for instance I don't think we considered PEM files with extra data before the BEGIN CERTIFICATE. I filed a ticket to investigate: https://fedorahosted.org/freeipa/ticket/4019

On 11/08/2013 01:55 AM, William Leese wrote:
I was able to solve this by recreating my test CA. I believe the problem
was with non-matching Organisation between the CSR and CA - but I dont have
the knowledge to know if this is really required.

Anyhow, things work, despite not having removed the "-----BEGIN
CERTIFICATE-----" lines this time around.

Thanks for the help and sorry for wasting your time!


Freeipa-users mailing list

Reply via email to