This actually died after restart so I ended up starting over...
So here is the process I did that looks like it works and also survives
restart
Step 1 - Before install
http://stackoverflow.com/questions/23374894/mod-nss-with-apache-public-certificate-issue?noredirect=1#comment36504881_23374894
Thanks for sharing your (rather painful) experience, I am glad you made it
working in the end.
Just note that we are currently (read FreeIPA 4.0.x and FreeIPA 4.1) working
making the cert operations in the installers smoother so that after so that
people like you would have much easier job.
Hi,
Dne 25.8.2014 v 03:04 Chris Whittle napsal(a):
Trying to do this
http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
And I keep getting Error unable to get local issuer certificate getting
chain.
Where are you getting this error? ipa-server-certinstall, or httpd, or
I have 4 installed and I get it when I try to generate the pk12
On Aug 25, 2014 3:50 AM, Jan Cholasta jchol...@redhat.com wrote:
Hi,
Dne 25.8.2014 v 03:04 Chris Whittle napsal(a):
Trying to do this
http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
And I keep getting
I found this but I think it's just IPA certs?
http://www.freeipa.org/page/V4/CA_certificate_renewal
Basically I want to use my existing wildcard cert for https and ldaps...
I did this on my 3.3 install on CentOS but now I'm on a 4 install on Fedora
Core.
Any help would be more than appreciated!
ok I think I got it again... If anyone is looking for this here is the
answer that worked for me
1. Here are the steps
1.
http://stackoverflow.com/questions/23374894/mod-nss-with-apache-public-certificate-issue?noredirect=1#comment36504881_23374894
-- start at Convert crt
I spoke a little too soon... It's working fine (browser is using new cert
and also ldaps is using the new cert) except when you go to the certs page
on the ui.
https://DOMAIN/ipa/ui/#/e/cert/search
An error has occurred (IPA Error 4301: CertificateOperationError)
Certificate operation cannot be
Trying to do this
http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
And I keep getting Error unable to get local issuer certificate getting
chain.
I'm wondering if it's because of this from the doc
The certificate in mysite.crt must be signed by the CA used when
installing