Re: [Freeipa-users] Try to re-import self sign cert fail after used 3rd party cert

2014-03-27 Thread Rob Crittenden

barry...@gmail.com wrote:

Dear all:

I did change using 3rd party cert and now I tried to reimport the
original self sign cert I backup before all in p12 format.

Server-cert.p12 and ipacert.p12 I follow here and import successful.

BUT it show error during restart httpd that say untrust source. Even I
added "NSSEnforceValidCerts off", httpd worked but web site unable to
access. Anywhere I missed that I must make it trust again?
Also I tried 2nd way ipa-server-certinstall -w --http_pin=1234 (I
backup p12's password) Server-cert.p12 but say incorrect password

It seem that the pin file txt inside is encrypted and not as same as the
password I created when in the Server-cert.p12

any idea ?

7 23:58:19 2014] [error] SSL Library Error: -8172 Certificate is signed
by an untrusted issuer
[Thu Mar 27 23:58:19 2014] [error] Unable to verify certificate
'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server
can start until the problem can be resolved.


It may be that the IPA CA isn't in the database.

certutil -L -d /etc/httpd/alias

Look for '$REALM IPA CA'

If it isn't there you can add it with:

certutil -A -n '$REALM IPA CA' -d /etc/httpd/alias -t CT,C,C -a -i /etc/ipa/ca.crt


rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
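
The check described in the reply above, written out as an added example (not part of the thread and not FreeIPA's own tooling): it reads `certutil -L` output and reports whether the IPA CA nickname is missing, listed without SSL trust, or trusted. The function names, the EXAMPLE.COM realm and the sample listing are constructed for illustration.

```bash
#!/bin/bash
# Added example: classify the IPA CA entry in an NSS database from `certutil -L` output.

# Print the trust attributes (e.g. "CT,C,C") of nickname $1 from a certutil
# listing on stdin; print nothing when the nickname is not listed.
trust_flags() {
    awk -v nick="$1" '
        # A certificate line is "<nickname><spaces><ssl,smime,jar flags>".
        # Nicknames may contain spaces, so only the last field is split off.
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            flags = $NF
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # drop the flags column
            sub(/^[ \t]+/, "", name)                # drop leading indent
            if (name == nick) { print flags; exit }
        }'
}

# Echo "missing", "untrusted" (listed, but no C in the SSL field) or "trusted".
ca_status() {
    case "$(trust_flags "$1")" in
        "")      echo missing ;;
        *C*,*,*) echo trusted ;;     # C must appear before both commas
        *)       echo untrusted ;;
    esac
}

# Constructed sample listing (not taken from the thread): the CA is present,
# but its trust attributes are empty.
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Server-Cert                                                  u,u,u
EXAMPLE.COM IPA CA                                           ,,
'

REALM=EXAMPLE.COM   # assumption: substitute the real realm name
status=$(printf '%s\n' "$SAMPLE_LISTING" | ca_status "$REALM IPA CA")
echo "$REALM IPA CA: $status"
# On a real server, feed it the live database instead of the sample:
#   certutil -L -d /etc/httpd/alias | ca_status "$REALM IPA CA"
```

When the nickname is listed but reported as untrusted, `certutil -M` with the same trust string as in the reply (`-t CT,C,C`) changes the flags without re-adding the certificate.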


[Freeipa-users] Try to re-import self sign cert fail after used 3rd party cert

2014-03-27 Thread barrykfl
Dear all:

I did change using 3rd party cert and now I tried to reimport the original
self sign cert I backup before all in p12 format.

Server-cert.p12 and ipacert.p12 I follow here and import successful.

BUT it show error during restart httpd that say untrust source. Even I
added "NSSEnforceValidCerts off", httpd worked but web site unable to
access. Anywhere I missed that I must make it trust again?

Also I tried 2nd way ipa-server-certinstall -w --http_pin=1234 (I
backup p12's password) Server-cert.p12 but say incorrect password

It seem that the pin file txt inside is encrypted and not as same as the
password I created when in the Server-cert.p12

any idea ?

7 23:58:19 2014] [error] SSL Library Error: -8172 Certificate is signed by
an untrusted issuer
[Thu Mar 27 23:58:19 2014] [error] Unable to verify certificate
'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can
start until the problem can be resolved.