A massive thank you to Jan Cholasta for handholding me while I was getting
this problem fixed. This is how we did it...
1. List all CA certificates in LDAP directory:
   ldapsearch -b cn=certificates,cn=ipa,$basedn
2. Using ldapdelete (or LDAP browser), get rid of all certificates that
   shouldn't be

A massive thank you to Jan Cholasta for handholding me while I was getting
this problem fixed. This is how we did it...
1. List all CA certificates in LDAP directory:
   ldapsearch -b cn=certificates,cn=ipa,$basedn
2. Using ldapdelete, get rid of all certificates that shouldn't be there,
   in my case

I've now set up a test box using exactly the same install command, SSL
certificate etc...
The /etc/ipa/ca.crt contains only 3 certificates but they are not CA
certificates that were included in the PKCS12 file:
[root@dupa temp]# for i in {1..3}; do echo cert${i}; openssl x509 -in cert${i} -noout