Hi there, is it possible to have a cert (say from VeriSign) for an IPA host and
use it for httpd (Web GUI), without breaking anything else? I've acquired one
and added it to nssdb (/etc/httpd/alias).

# certutil -L -d /etc/httpd/alias
Certificate Nickname                          Trust Attributes
COMP.COM IPA CA                               CT,C,C
Comp SSL CA - G2 - VeriSign, Inc.             ,,

It's now used in /etc/httpd/conf.d/nss.conf and the cert looks good via a
browser. But it's breaking something, since I see this:

# ipa user-show admin
ipa: ERROR: cert validation failed for
((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not
trusted by the user.)
ipa: ERROR: cannot connect to 'https://ca-ldap01.comp.com/ipa/json':
(SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not
trusted by the user.

Adding this cert to /etc/dirsrv/slapd-CORP-COM/ nssdb didn't resolve the issue.
Thanks for any advice.