Re: [Freeipa-users] Problem installing external SSL Certificate

2015-05-19 Thread Dewangga Bachrul Alam
This is the verbose log, tried to convert them to p12 format (dont know
it's right or not), still no luck.

http://fpaste.org/223608/88775143/raw/

Ref: http://www.redhat.com/archives/freeipa-users/2014-August/msg00338.html

Any additional hints?


On 05/19/2015 08:30 PM, Dewangga Bachrul Alam wrote:
 Hello!
 
 I was build FreeIPA 4.1.4 on CentOS 7.1, the deployment was done, but
 could I changes the HTTP and dirsv certificate? I have wildcard
 certificate (thawte SSL CA - G2). It is compatible for FreeIPA (http and
 dirsv)?
 
 I've tried to follow the instruction
 https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
 but no luck.
 
 $ ipa-server-certinstall -wd mydomain.co.id.key \
 mydomain.co.id-bundled.crt
 
 Directory Manager password:
 
 Enter private key unlock password:
 
 The full certificate chain is not present in mydomain.co.id.key,
 mydomain.co.id-bundled.crt
 
 FYI, mydomain.co.id-bundled.crt chain have SIGNED then INTERMEDIATE
 certificate order. (2 chain)
 
 I've tried to bundling them using root certificate, still have no luck.
 (3 chain, SIGNEDCERT, INTERMEDIATE, ROOTCERT).
 
 Any comments will be appreciated :)
 Thanks
 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project


[Freeipa-users] Problem installing external SSL Certificate

2015-05-19 Thread Dewangga Bachrul Alam
Hello!

I was build FreeIPA 4.1.4 on CentOS 7.1, the deployment was done, but
could I changes the HTTP and dirsv certificate? I have wildcard
certificate (thawte SSL CA - G2). It is compatible for FreeIPA (http and
dirsv)?

I've tried to follow the instruction
https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
but no luck.

$ ipa-server-certinstall -wd mydomain.co.id.key \
mydomain.co.id-bundled.crt

Directory Manager password:

Enter private key unlock password:

The full certificate chain is not present in mydomain.co.id.key,
mydomain.co.id-bundled.crt

FYI, mydomain.co.id-bundled.crt chain have SIGNED then INTERMEDIATE
certificate order. (2 chain)

I've tried to bundling them using root certificate, still have no luck.
(3 chain, SIGNEDCERT, INTERMEDIATE, ROOTCERT).

Any comments will be appreciated :)
Thanks

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project