hi, earlier today I was reading a post about the new freeipa version on my mobile device and got plenty of warnings about an invalid certificate. On a fedora laptop no warnings, but this is the problem:
$ curl -LIv https://www.freeipa.org * Rebuilt URL to: https://www.freeipa.org/ * Hostname was NOT found in DNS cache * Trying 54.227.25.77... * Connected to www.freeipa.org (54.227.25.77) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * Server certificate: * subject: CN=www.freeipa.org,O=Red Hat Inc.,L=Raleigh,ST=North Carolina,C=US * start date: Jul 16 00:00:00 2014 GMT * expire date: Jul 19 12:00:00 2016 GMT * common name: www.freeipa.org * issuer: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US * NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER) * Peer's Certificate issuer is not recognized. * Closing connection 0 curl: (60) Peer's Certificate issuer is not recognized. More details here: http://curl.haxx.se/docs/sslcerts.html You need to add the intermediate digicert certrificate, it seems. Thanks! -- regards, natxo -- -- Groeten, natxo
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
