Certs are valid, I will check what you mentioned. I'm also no fan of bundles, more the seperate files but this doesn't seem to work always. At least for the CAroot a bundle was required.
Matt 2017-02-14 14:51 GMT+01:00 Sullivan, Daniel [CRI] <dsulliv...@bsd.uchicago.edu>: > Have you validated the cert (and dumped the contents) from the command line > using the openssl tools? I’ve seen the message you are seeing before, for > some reason I seem to remember that it has to do with either a missing or an > extra - at either the -----BEGIN CERTIFICATE---- or -----END CERTIFICATE---- > (an error from copy and pasting and not copying the actual file). > > I’ve never used certupdate so if what is described above doesn’t help > somebody else will have to chime in. > > Dan > >> On Feb 14, 2017, at 2:18 AM, Matt . <yamakasi....@gmail.com> wrote: >> >> Hi Dan, >> >> Ues i have tried that and I get the message that it misses the full >> chain for the certificate. >> >> My issue is more, why is the Server-Cert being removed on a certupdate ? >> >> Cheers, >> >> Matt >> >> 2017-02-14 2:18 GMT+01:00 Sullivan, Daniel [CRI] >> <dsulliv...@bsd.uchicago.edu>: >>> Is the chain in mydomain_com_bundle.crt? Have you tried it with the cert >>> only (disclaimer: I’ve never done this). >>> >>> Dan >>> >>>> On Feb 13, 2017, at 4:08 PM, Matt . <yamakasi....@gmail.com> wrote: >>>> >>>> Hi Guys, >>>> >>>> I'm trying to install a 3rd party certificate using: >>>> >>>> http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP#Procedure_in_current_IPA >>>> >>>> When I run the install command for the certificate itself: >>>> >>>> ]# ipa-server-certinstall -w -d mydomain_com.key mydomain_com_bundle.crt >>>> Directory Manager password: >>>> >>>> Enter private key unlock password: >>>> >>>> list index out of range >>>> The ipa-server-certinstall command failed. >>>> >>>> >>>> If I do a #ipa-certupdate the Server-Cert is removed from >>>> /etc/httpd/alias and the install fails because of this. >>>> >>>> What can I do to solve this ? >>>> >>>> Thanks, >>>> >>>> Matt >>>> >>>> -- >>>> Manage your subscription for the Freeipa-users mailing list: >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> Go to http://freeipa.org for more info on the project >>> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project