I now have 3rd party SSL certificate successfully installed for LDAP and
HTTP but I'm having issues with joining new clients to FreeIPA servers.
When I run "ipa-client-install --mkhomedir" on Centos 6 machine I get
the following error:
"Joining realm failed: libcurl failed to execute the HTTP POST
transaction. Peer certificate cannot be authenticated with known CA
"2016-01-24T22:06:26Z ERROR Joining realm failed: libcurl failed to
execute the HTTP POST transaction. Peer certificate cannot be
authenticated with known CA certificates"
I was under the impression that the 3rd party certificate's chain will
be included in the CA certificate that the client gets from the servers
and that it will successfully join the realm.
I specified the root certificate using --ca-cert-file= option and the
install completed OK but is this really necessary? I do hope there is a
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project