Found it. The error message on the ipa server (in /var/log/httpd/error_log) was less misleading:
SSL Library Error: -12195 Peer does not recognize and trust the CA that issued your certificate After installing the ca-certificates package and adding the root certificate to it the problem was gone. Thanx to everybody Harri -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
