barry...@gmail.com wrote:
Dear all:
I did change usin g 3rd party cert and now i tried to reimport the
orginal self sign cert i backup before all in p12 format.
Server-cert,p12 and ipacert.p12 i follow here and import successful.
BUT it show error during restart httpd that say untrust source. even i
added to "NSSEnforceValidCerts off" httpd worked but web site unable to
access, Any where i missed that i must make it trust again./
Also i tried 2nd way ipa-server-certinstall -w --http_pin=1234 ( i
backup p12 's password ) Server-cert.p12 but say incorrect password
it seem that the pin file txt inside is encrypted and not as same as the
password i created when in the Server-cert.p12
any idea ?
7 23:58:19 2014] [error] SSL Library Error: -8172 Certificate is signed
by an untrusted issuer
[Thu Mar 27 23:58:19 2014] [error] Unable to verify certificate
'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server
can start until the problem can be resolved.
It may be that the IPA CA isn't in the database.
certutil -L -d /etc/httpd/alias
Look for '$REALM IPA CA'
If it isn't there you can add it with:
certutil -A -n '$REALM IPA CA' -d /etc/httpd/alias -t CT,C,C -a -i
/etc/ipa/ca.crt
rob
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
