Problem: ipa-client-install fails with
# rm -f /etc/ipa/ca.crt
Discovery was successful!
DNS Domain: example.com
IPA Server: ipa1.example.com
Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync. Please
check that 123 UDP port is opened.
User authorized to enroll computers: admin
Password for ad...@example.com:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=example AG,C=COM
Issuer: CN=example Root CA,OU=example Certificate Authority,O=example
Valid From: Mon Dec 28 10:35:30 2015 UTC
Valid Until: Mon Dec 31 23:59:59 2035 UTC
Joining realm failed: libcurl failed to execute the HTTP POST transaction,
explaining: SSL certificate problem: self signed certificate in certificate
Installation failed. Rolling back changes.
IPA client is not configured on this system.
Is this the chain sent from the ipa server to the new host?
Every helpful idea would be highly appreciated.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project