barry...@gmail.com wrote:
Dear all: I have succesfful impont certs to http and ldap but some inssue arise. 1) when i click in service in the UI it still using OLD entries of seld sign cert and given out error ...pls see attachment,. How to reflect the godaddy cert there and it cannot be deleted .??
You're misreading this. The IPA CA is still installed and has issued some certificates to some service (and probably hosts). I'm guessing you removed the IPA CA certificate from /etc/httpd/alias. You need to add it back to let IPA talk to its CA again.
2) when start up dirsrv it casue some warning out say: Starting dirsrv: ABS-COM...[31/Mar/2014:10:25:59 +0800] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert *.wisers.com <http://wisers.com> - GoDaddy.com, Inc. of family cn=RSA,c n=encryption,cn=config (Netscape Portable Runtime error -8172 - Peer's certificate iss uer has been marked as not trusted by the user.) any where i should import again to skip the error and realize the change no prompt out errors?
You need to add the GoDaddy CA cert chain to the 389-ds cert database in /etc/dirsrv/slapd-ABS-COM/
rob _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users