Forgot to add.
After some digging I saw the CA needed to be added to the nssdbs
I've added the CA cert to:
[root@ipa02 ipa02]# certutil -A -d /etc/pki/nssdb -n 'NewCA' -t CT,C,C -a
[root@ipa02 ipa02]# certutil -A -d /etc/httpd/alias -n 'NewCA' -t CT,C,C -a
On Mon, Oct 17, 2016 at 11:32 AM, Joshua Ruybal <jruy...@owneriq.com> wrote:
> We've recently tried to change our https web certs for our IPA servers
> following the instructions listed here: https://www.freeipa.org/
> The web gui is successfully using https now, however we are having several
> other problems.
> Enrollment now fails for new hosts, and we're unable to install replicas.
> Specifically we're seeing this error: (SEC_ERROR_UNTRUSTED_ISSUER) Peer's
> certificate issuer has been marked as not trusted by the user.
> Any advice on this?
> ipa-server 3.0.0
> CentOS 6.7
*Joshua Ruybal | Systems Engineer*
o: (866) 870-2295 x823 <8668702293x823> c: (206) 724-4549 <2067244549>
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project