Hi

Disclaimer: I'm new on this mailing list but willing to share experience :)

Did you use "ipa-cacert-manage install -t C,," to install your external CA certificate? This command copies the certificate in cn=certificates,cn=ipa,cn=etc,dc=xxx

After this, you can use ipa-certupdate which will put the CA cert in all the needed NSS databases and update the nickname where needed.

Flo.

On 06/23/2016 04:54 AM, barry...@gmail.com wrote:
Hi :

I renew External CA cert below ...seem server-cert ok.

But ca CERT FAIL..
I ALREADY PASTE ON
/etc/httpd/alias
/etc/dirsrv/slapd-PKI-IPA
/etc/dirsv/slapd-ABX-com
/var/lib/pki-ca/alias 's CA conf

any idea?

 ABX-COM...[23/Jun/2016:10:42:32 +0800] - SSL alert:
CERT_VerifyCertificateNow: verify certificate failed for cert
Server-Cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable
Runtime error -8179 - Peer's Certificate issuer is not recognized.)




--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to