Re: [Freeipa-users] Using external certificate in IPA 4.1
Hi, On 4.2.2016 17:45, Martin Kosek wrote: On 02/03/2016 06:02 PM, Ossi Ahosalmi wrote: I'm trying to use our organizations wildcard certificate in IPA. Certificate is signed by a trusted CA. Running: ipa-server-certinstall -w -d with next combinations: - separate .key, .crt and ca chain, all in PEM format - .crt and ca bundled into one file, .key as a separate file - everything bundled together into one .p12 pkcs12 file I always end up with this error: "The full certificate chain is not present in ." My CA file contains the whole chain and works in all other programs, just not in IPA. CCing Jan, but I think you are hitting https://fedorahosted.org/freeipa/ticket/5603 Actually I think it's #4786, but if that was fixed, you would hit #5603 as well. Honza -- Jan Cholasta -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] Using external certificate in IPA 4.1
I'm trying to use our organizations wildcard certificate in IPA. Certificate is signed by a trusted CA. Running: ipa-server-certinstall -w -d with next combinations: - separate .key, .crt and ca chain, all in PEM format - .crt and ca bundled into one file, .key as a separate file - everything bundled together into one .p12 pkcs12 file I always end up with this error: "The full certificate chain is not present in ." My CA file contains the whole chain and works in all other programs, just not in IPA. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Using external certificate in IPA 4.1
On 02/03/2016 06:02 PM, Ossi Ahosalmi wrote: > I'm trying to use our organizations wildcard certificate in IPA. Certificate > is > signed by a trusted CA. > > Running: > ipa-server-certinstall -w -d > > with next combinations: > > - separate .key, .crt and ca chain, all in PEM format > - .crt and ca bundled into one file, .key as a separate file > - everything bundled together into one .p12 pkcs12 file > > I always end up with this error: > > "The full certificate chain is not present in ." > > My CA file contains the whole chain and works in all other programs, just not > in IPA. > > CCing Jan, but I think you are hitting https://fedorahosted.org/freeipa/ticket/5603 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project