Oops, I replied to the first post and missed the whole thread.
I see it's a DNS SAN issue; I'll try adding it.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
Same here on Fedora 37.
After installing Fedora 37 and freeipa-client 4.10.1, I try to connect to the server
using:
```
ipa-client-install --mkhomedir --force-join
```
and fail with the error
```
cannot connect to 'https://ipa/json': [SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname
```
[solved]
As stated, the SAN was missing in my certificates.
I resubmitted my certificate at the IPA server, adding the SAN with:
```
# getcert resubmit -i -D $(hostname)
```
Now I can execute ipa-client-install without a problem!
Thanks!
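The diagnosis reached in this thread (a certificate whose subject CN is fine but which has no DNS SAN for the hostname) can be checked on a saved certificate. This is an added example, not part of any poster's message; the function names `dns_sans` and `san_covers_host` are hypothetical, and it assumes OpenSSL 1.1.1 or later for `x509 -ext`.

```shell
#!/bin/sh
# Added example: does a PEM certificate carry a DNS subjectAltName that
# covers a hostname? The subject CN is deliberately ignored, which is how
# strict TLS clients treat it.
# Save the server certificate first, e.g. (H is your server's name):
#   echo | openssl s_client -servername H -connect H:443 2>/dev/null \
#     | openssl x509 > server.pem

# Print one DNS SAN per line; prints nothing if the cert has no DNS SAN.
dns_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p'
}

# Return 0 if hostname $2 is covered by a DNS SAN in cert file $1.
san_covers_host() {
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    sans=$(dns_sans "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r san; do
        case "$san" in
            "$host")
                return 0 ;;
            \*.*)
                # A wildcard covers exactly one leftmost label.
                parent=${host#*.}
                if [ "$parent" != "$host" ] && [ "$parent" = "${san#\*.}" ]; then
                    return 0
                fi ;;
        esac
    done <<EOF
$sans
EOF
    return 1
}
```

A non-zero return from `san_covers_host server.pem "$(hostname)"` on a certificate whose CN looks correct matches the situation described in this thread.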
On Fri, 27 May 2022 at 11:38, Gustavo Berman
OpenSSL 3.0.2-0ubuntu1.1 is installed in 22.04.
The openssl and curl commands in the previous email were run on Ubuntu 22.04.
On Fri, 27 May 2022 at 11:23, Rob Crittenden (rcrit...@redhat.com)
wrote:
> Thanks, this is very helpful. I wonder if the same s_client and curl
> commands work from the
Thanks, this is very helpful. I wonder if the same s_client and curl
commands work from the Ubuntu 22.04 machine or if they'll fail in the
same way.
The cert lacks a DNS SAN for the hostname. I suspect this may be the
issue (using the CN has been deprecated forever but was still allowed in
most
Here's info obtained from the same client using openssl; you can see that
the subject CN is fine.
```
localadmin@fisica75:~$ echo | openssl s_client -showcerts -servername ipaserver.fisica.cabib -connect ipaserver.fisica.cabib:443 2>/dev/null | openssl x509 -inform pem -noout -text
Certificate:
    Data:
```
Gustavo Berman via FreeIPA-users wrote:
> Hello there!
>
> Ubuntu 18.04 (and previous ones) works just fine
> In Ubuntu 22.04 I'm trying to execute ipa-client install but it fails with:
>
> root@fisica75:~# ipa-client-install
> This program will set up IPA client.
> Version 4.9.8
>
> WARNING: