> I follow the mAnual.using ipa cert install
> It will auto remove ipa cert after u insert godaddy . Should i add them
> back? No.conflict?
You only need to add in the CA. There will be no conflict.
> 2)do.umeant ca root cert of godaddy ? Ialread try added any ca root cert
> of godaddy the error still comes out
You need to add the CA that issued the wildcard cert they gave you.
Typically there are one or more subordinate CAs that actually issue the
> 2014/3/31 下午10:08 於 "Rob Crittenden" <rcrit...@redhat.com
> <mailto:rcrit...@redhat.com>> 寫道：
> barry...@gmail.com <mailto:barry...@gmail.com> wrote:
> Dear all:
> I have succesfful impont certs to http and ldap but some inssue
> 1) when i click in service in the UI it still using OLD entries
> of seld
> sign cert and given out error ...pls see attachment,.
> How to reflect the godaddy cert there and it cannot be deleted .??
> You're misreading this. The IPA CA is still installed and has issued
> some certificates to some service (and probably hosts). I'm guessing
> you removed the IPA CA certificate from /etc/httpd/alias. You need
> to add it back to let IPA talk to its CA again.
> 2) when start up dirsrv it casue some warning out say:
> Starting dirsrv:
> ABS-COM...[31/Mar/2014:10:25:__59 +0800] - SSL alert:
> CERT_VerifyCertificateNow: verify certificate failed for cert
> *.wisers.com <http://wisers.com> <http://wisers.com> -
> GoDaddy.com, Inc. of family
> cn=RSA,c n=encryption,cn=config (Netscape Portable Runtime error
> -8172 - Peer's certificate iss uer has been marked as not
> trusted by
> the user.)
> any where i should import again to skip the error and realize
> the change
> no prompt out errors?
> You need to add the GoDaddy CA cert chain to the 389-ds cert
> database in /etc/dirsrv/slapd-ABS-COM/
Freeipa-users mailing list