hi,

earlier today I was reading a post about the new freeipa version on my
mobile device and got plenty of warnings about an invalid certificate. On a
fedora laptop no warnings, but this is the problem:

$ curl -LIv  https://www.freeipa.org
* Rebuilt URL to: https://www.freeipa.org/
* Hostname was NOT found in DNS cache
*   Trying 54.227.25.77...
* Connected to www.freeipa.org (54.227.25.77) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*     subject: CN=www.freeipa.org,O=Red Hat Inc.,L=Raleigh,ST=North
Carolina,C=US
*     start date: Jul 16 00:00:00 2014 GMT
*     expire date: Jul 19 12:00:00 2016 GMT
*     common name: www.freeipa.org
*     issuer: CN=DigiCert SHA2 High Assurance Server
CA,OU=www.digicert.com,O=DigiCert
Inc,C=US
* NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER)
* Peer's Certificate issuer is not recognized.
* Closing connection 0
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html

You need to add the intermediate digicert certrificate, it seems.

Thanks!

-- 
regards,
natxo

-- 
--
Groeten,
natxo
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to