On 03/10/2014 09:07 PM, Simo Sorce wrote:
> On Mon, 2014-03-10 at 15:45 -0400, Robert Story wrote:
>> On Mon, 10 Mar 2014 15:44:01 +0100 Jan wrote:
>> JC> On 6.3.2014 05:42, Robert Story wrote:
>> JC> > I'm trying to install on CentOS 6.5 (ipa-server-3.0.0-37.el6.x86_64)
>> JC> > and an external CA. I'm getting this error:
>> JC> > [snip]
>> JC> Can you please run certutil -V on the issuer certificate
>> JC> (CN=Certificate Authority,O=xxx)? That might give us a clue why it is
>> JC> invalid.
>> Unfortunately I've already scrapped that install and just went with the
>> internal self-signed CA. So far, the only annoyance is that the webserver
>> also presents a self-signed cert for the UI.  Is it safe to replace just
>> the web cert with a cert signed by my local CA? Or might that break
>> something?
> Import the CA cert in your browser.
> Simo.

Yup, in FreeIPA 4.0 even that step should not be needed given the system shared
CA trust storage:

As for now, you can add the CA certificate also via convenience wizards in IPA
UI too:



Freeipa-users mailing list

Reply via email to