Dear all:

I did change usin g 3rd party cert and now i tried to reimport the
orginal self sign cert i backup before all in p12 format.

Server-cert,p12 and ipacert.p12 ....i follow here and import successful.

BUT it show error during restart httpd that say untrust source. even i
added to  "NSSEnforceValidCerts off" httpd worked but web site unable to
access,  Any where i missed that i must make it trust again./
Also i tried 2nd way .... ipa-server-certinstall -w --http_pin=1234 ( i
backup p12 's password )  Server-cert.p12 but say incorrect password

it seem that the pin file txt inside is encrypted and not as same as the
password i created when  in the Server-cert.p12

any idea ?

7 23:58:19 2014] [error] SSL Library Error: -8172 Certificate is signed
by an untrusted issuer
[Thu Mar 27 23:58:19 2014] [error] Unable to verify certificate
'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server
can start until the problem can be resolved.

It may be that the IPA CA isn't in the database.

certutil -L -d /etc/httpd/alias

Look for '$REALM IPA CA'

If it isn't there you can add it with:

certutil -A -n '$REALM IPA CA' -d /etc/httpd/alias -t CT,C,C -a -i /etc/ipa/ca.crt


Freeipa-users mailing list

Reply via email to