Hi folks,
Problem: ipa-client-install fails with
# rm -f /etc/ipa/ca.crt
# ipa-client-install
Discovery was successful!
Hostname: srvl023.ac.example.com
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: ipa1.example.com
BaseDN: dc=example,dc=com
Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync. Please
check that 123 UDP port is opened.
User authorized to enroll computers: admin
Password for ad...@example.com:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=example AG,C=COM
Issuer: CN=example Root CA,OU=example Certificate Authority,O=example
AG,C=COM
Valid From: Mon Dec 28 10:35:30 2015 UTC
Valid Until: Mon Dec 31 23:59:59 2035 UTC
Joining realm failed: libcurl failed to execute the HTTP POST transaction,
explaining: SSL certificate problem: self signed certificate in certificate
chain
Installation failed. Rolling back changes.
IPA client is not configured on this system.
???
Is this the chain sent from the ipa server to the new host?
Every helpful idea would be highly appreciated.
Regards
Harri
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
