Peter Pakos wrote: > On 14/01/2016 18:51, Rob Crittenden wrote: >> You need to add the new root certs to the pki NSS database. > > As far as I can see those 3 new CA certs are already in the database > (unless you're talking about a different db): > > $ certutil -d /etc/pki/nssdb/ -L > > Certificate Nickname Trust > Attributes > > SSL,S/MIME,JAR/XPI > > IPA.WANDISCO.COM IPA CA CT,C,C > AddTrust ,, > USERTrustRSAAddTrustCA ,, > GandiStandardSSLCA2 ,, > > Please advise. >
Discussed in IRC last night but for the sake of history, he needed to add the CA's to the dogtag NSS database in /var/lib/pki/pki-tomcat/alias/ with a trust of C,,. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project