Hello, I have a FreeIPA installation that is working very nicely, we already have configured many hosts and so far we are quite happy with it.
I was trying to connect Ansible to fetch hosts from FreeIPA using the freeipa.py script (https://github.com/ansible/ansible/blob/devel/contrib/inventory/freeipa.py).

Unfortunately when I run it, I get the following:

    ipa: ERROR: cert validation failed for "CN=id1.prod.xxxxxxxx.com,O=PROD.xxxxxxxx.COM" ((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.)
    ipa: ERROR: cert validation failed for "CN=id2.prod.xxxxxxxx.com,O=PROD.xxxxxxxx.COM" ((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.)
    Traceback (most recent call last):
      File "./freeipa.py", line 82, in <module>
        api = initialize()
      File "./freeipa.py", line 17, in initialize
        api.Backend.rpcclient.connect()
      File "/usr/lib/python2.7/dist-packages/ipalib/backend.py", line 66, in connect
        conn = self.create_connection(*args, **kw)
      File "/usr/lib/python2.7/dist-packages/ipalib/rpc.py", line 939, in create_connection
        error=', '.join(urls))
    ipalib.errors.NetworkError: cannot connect to 'any of the configured servers': https://id1.prod.xxxxxxxx.com/ipa/json, https://id2.prod.xxxxxxxx.com/ipa/json

If I curl the URL, it works just fine (I imported the CA Certificate in the system directory /etc/ssl/certs).

I have run `openssl s_client` connect and downloaded the remote certificate locally, then I run:

    # openssl verify cert.pem
    # id1.prod.xxxxxxxx.com.pem: OK

Would you help me figure out what's going on?

--
Alessandro De Maria
alessandro.dema...@gmail.com