Hi folks,

Problem: ipa-client-install fails with

# rm -f /etc/ipa/ca.crt
# ipa-client-install
Discovery was successful!
Hostname: srvl023.ac.example.com
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: ipa1.example.com
BaseDN: dc=example,dc=com

Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync. Please 
check that 123 UDP port is opened.
User authorized to enroll computers: admin
Password for ad...@example.com:
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=example AG,C=COM
    Issuer:      CN=example Root CA,OU=example Certificate Authority,O=example 
AG,C=COM
    Valid From:  Mon Dec 28 10:35:30 2015 UTC
    Valid Until: Mon Dec 31 23:59:59 2035 UTC

Joining realm failed: libcurl failed to execute the HTTP POST transaction, 
explaining:  SSL certificate problem: self signed certificate in certificate 
chain

Installation failed. Rolling back changes.
IPA client is not configured on this system.


???
Is this the chain sent from the ipa server to the new host?

Every helpful idea would be highly appreciated.


Regards
Harri

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to