Peter Pakos wrote:
> On 14/01/2016 18:51, Rob Crittenden wrote:
>> You need to add the new root certs to the pki NSS database.
> As far as I can see those 3 new CA certs are already in the database
> (unless you're talking about a different db):
> $ certutil -d /etc/pki/nssdb/ -L
> Certificate Nickname Trust
> IPA.WANDISCO.COM IPA CA CT,C,C
> AddTrust ,,
> USERTrustRSAAddTrustCA ,,
> GandiStandardSSLCA2 ,,
> Please advise.
Discussed in IRC last night but for the sake of history, he needed to
add the CA's to the dogtag NSS database in
/var/lib/pki/pki-tomcat/alias/ with a trust of C,,.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project