barry...@gmail.com wrote:
Dear all:
I have succesfful impont certs to http and ldap but some inssue arise.
1) when i click in service in the UI it still using OLD entries of seld
sign cert and given out error ...pls see attachment,.
How to reflect the godaddy cert there and it cannot be deleted .??


You're misreading this. The IPA CA is still installed and has issued some certificates to some service (and probably hosts). I'm guessing you removed the IPA CA certificate from /etc/httpd/alias. You need to add it back to let IPA talk to its CA again.

2)  when start up dirsrv it casue some warning out say:
Starting dirsrv:
     ABS-COM...[31/Mar/2014:10:25:59 +0800] - SSL alert:
CERT_VerifyCertificateNow:      verify certificate failed for cert
*.wisers.com <http://wisers.com> - GoDaddy.com, Inc. of family
cn=RSA,c     n=encryption,cn=config (Netscape Portable Runtime error
-8172 - Peer's certificate iss     uer has been marked as not trusted by
the user.)
any where i should import again to skip the error and realize the change
no prompt out errors?

You need to add the GoDaddy CA cert chain to the 389-ds cert database in /etc/dirsrv/slapd-ABS-COM/

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to