Hi,

I now have a 3rd party SSL certificate successfully installed for LDAP and HTTP but I'm having issues with joining new clients to FreeIPA servers.

When I run "ipa-client-install --mkhomedir" on a CentOS 6 machine I get the following error:

"Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates"

/var/log/ipaclient-install.log shows:

"2016-01-24T22:06:26Z ERROR Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates"

I was under the impression that the 3rd party certificate's chain will be included in the CA certificate that the client gets from the servers and that it will successfully join the realm.

I specified the root certificate using the --ca-cert-file= option and the install completed OK, but is this really necessary? I do hope there is a better solution.

Many thanks.

--
Kind regards,
 Peter Pakos
