Hi, No-one has any idea here ? My Root Cert is installed OK.
# certutil -d /etc/pki/pki-tomcat/alias/ -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI ocspSigningCert cert-pki-ca u,u,u subsystemCert cert-pki-ca u,u,u COMODOExternalCARoot C,C,C COMODORSADomainValidationSecureServerCA C,C,C Server-Cert cert-pki-ca u,u,u auditSigningCert cert-pki-ca u,u,Pu caSigningCert cert-pki-ca CTu,Cu,Cu COMODORSAAddTrustCA C,C,C I hope this helps. Cheers, Matt 2016-10-01 17:04 GMT+02:00 Matt . <yamakasi....@gmail.com>: > Hi guys, > > I have installed successfully an external CA Certificate for > https/LDAP but now I get this on my ipa-commands: > > ipa domainlevel-get > > ipa: ERROR: cert validation failed for > "CN=*.mysubdomain.ipa.mydomain.tld,OU=PositiveSSL Wildcard,OU=Domain > Control Validated" ((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate > issuer has been marked as not trusted by the user.) > > What can cause this ? > > I'm on FreeIPA, version: 4.4.1 > > I hope we can sort this out. > > Thanks, > > Matt -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project