Hi everyone. I've a problem with my new freeipa installation, v4.1.0, over RHEL 7 like distribution.
The installation was ok, but now I've some problems operating via CLI: # ipa user-show admin ipa: ERROR: cert validation failed for "CN=srv01.ipa.mydomain.com,O=IPA.MYDOMAIN.COM" ((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.) ipa: ERROR: cannot connect to 'https://srv01.ipa.mydomain.com/ipa/json': (SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user. I've got the same problem connectiong via curl, but after doing these command for curl now it works, but not for ipa cli operations: ---------------------- # certutil -A -d /etc/pki/nssdb -n 'IPA CA' -t CT,C,C -a -i /etc/ipa/ca.crt # certutil -L -d /etc/pki/nssdb Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI IPA CA CT,C,C # cp /etc/ipa/ca.crt /etc/pki/ca-trust/source/anchors/ # update-ca-trust extract ---------------------- And also this command doesn't work: # ipa trust-add --type=ad mydomain.com --admin Administrator --password ipa: ERROR: cert validation failed for "CN=srv01.ipa.mydomain.com,O=IPA.MYDOMAIN.COM" ((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.) ipa: ERROR: cannot connect to 'https://srv01.ipa.mydomain.com/ipa/json': (SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user. So ... what's the problem? Let me know, thanks. Morgan Connetti gratis il mondo con la nuova indoona: hai la chat, le chiamate, le video chiamate e persino le chiamate di gruppo. E chiami gratis anche i numeri fissi e mobili nel mondo! Scarica subito l’app Vai su https://www.indoona.com/
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project