Hello,
Is it possible to get 3rd CA (we were thinking of doing so) and following
https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP will
help me resolve this?
thank you,
regards,
Bhavin
Using 3rd part certificates for HTTP/LDAP -
Hello the FreeIPA List,
We've got a FreeIPA directory set up and running. That's all good.
The difficult part is that we also have a number (many) of SLE 12 SP2 hosts
that need to be enrolled.
I can see that the freeipa-client package has not been available to SLE/SUSE
since 2015 or
Anvar Kuchkartaev wrote:
> Peer certificate cannot be authenticated with known CA certificates
> This error shows that your system cannot authenticate remote host (curl
> probably trying to authenticate using systemwide database rather than
> the CA certificate obtained from server). Try to add CA
On 23. okt. 2017 19:45, Bhavin Vaidya via FreeIPA-users wrote:
> We did manage to delete the certificates, all but the right one (we
> figured out looking at clients' /etc/ipa/ca.crt)
>
>
I have seen /etc/ipa/ca.crt get out of date before. It wasn't updated
automatically when renewing the CA cert,
Have you tried to add CA to systemwide database?
Peer certificate cannot be authenticated with known CA certificates
This error shows that your system cannot authenticate remote host (curl probably trying to authenticate using systemwide database rather than the
Hello Rob,
Here is what we have. Looks like /etc/http/alias certificate is different, as it
is from Aug 03 2014 through Aug 03 2034, which is original date.
[root@ds01 alias]# certutil -L -d /etc/httpd/alias/
Certificate Nickname Trust Attributes
Thank you everyone.
We did manage to delete the certificates, all but the right one (we figured out
looking at clients' /etc/ipa/ca.crt)
But on client installation we now get a different message, which is related to
the certificate too. Tried another IPA server too, same message.
Successfully
Thank you Anvar.
Yes, earlier when we had the certificate issue, we added new certificates and we
ended up having multiple certificates, which we had to clean up.
Is this the question you asked?
After deleting the extra certificates, we have not touched /etc/pki/nssdb.
regards,
Bhavin
Anvar Kuchkartaev wrote:
> Have you tried to add CA to systemwide database?
It gets added as part of ipa-client-install, after the point where it is
failing.
This leads me to believe you don't have the "right" CA certificate after
all.
Is your Apache web cert signed by the IPA CA or a 3rd
Hi, thanks for your tips and support,
I followed your tips and also found a Red Hat document ->
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/config-sudo-clients.html
In short words:
- follow the instructions
- enable logging (sudoers_debug 2)
->