@dwmw2, I figured out the issue. Long story short, freeipa (which is our CA), when we enroll a PC into the realm, it adds the freeIPA cert to /etc/ssl/certs/ca-certificates.crt like it should, however it also adds other information that it shouldn't.
This results in p11-kit-trust.so blowing parsing errors. You can read the entire bug report here if you want. https://pagure.io/freeipa/issue/8106 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1647285 Title: SSL trust not system-wide To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1647285/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
