On 07/10/2015 04:36 PM, Natxo Asenjo wrote:

earlier today I was reading a post about the new freeipa version on my mobile
device and got plenty of warnings about an invalid certificate. On a fedora
laptop no warnings, but this is the problem:

$ curl -LIv https://www.freeipa.org
* Rebuilt URL to: https://www.freeipa.org/
* Hostname was NOT found in DNS cache
*   Trying
* Connected to www.freeipa.org <http://www.freeipa.org> ( port 443
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
   CApath: none
* Server certificate:
*     subject: CN=www.freeipa.org <http://www.freeipa.org>,O=Red Hat
Inc.,L=Raleigh,ST=North Carolina,C=US
*     start date: Jul 16 00:00:00 2014 GMT
*     expire date: Jul 19 12:00:00 2016 GMT
*     common name: www.freeipa.org <http://www.freeipa.org>
*     issuer: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com
<http://www.digicert.com>,O=DigiCert Inc,C=US
* Peer's Certificate issuer is not recognized.
* Closing connection 0
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html

You need to add the intermediate digicert certrificate, it seems.

Hello natxo,

Sorry for the late reply, I just returned from a longer PTO... I checked the site and finally figured out how to stuff the intermediate certificate to our OpenShift instance.

The issue now appears to be fixed, please try it and push back if it isn't :-)


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to