Gustavo Berman via FreeIPA-users wrote:
> Hello there!
> 
> Ubuntu 18.04 (and previous ones) works just fine
> In Ubuntu 22.04 I'm trying to execute ipa-client-install but it fails with:
> 
> root@fisica75:~# ipa-client-install
> This program will set up IPA client.
> Version 4.9.8
> 
> WARNING: conflicting time&date synchronization service 'ntp' will be
> disabled in favor of chronyd
> 
> Discovery was successful!
> Do you want to configure chrony with NTP server or pool address? [no]:
> Client hostname: fisica75.fisica.cabib
> Realm: FISICA.CABIB
> DNS Domain: fisica.cabib
> IPA Server: ipaserver.fisica.cabib
> BaseDN: dc=fisica,dc=cabib
> 
> Continue to configure the system with these values? [no]: yes
> Synchronizing time
> No SRV records of NTP servers found and no NTP server or pool address
> was provided.
> Using default chrony configuration.
> Attempting to sync time with chronyc.
> Time synchronization was successful.
> User authorized to enroll computers: tavo
> Password for [email protected]:
> Successfully retrieved CA cert
>     Subject:     CN=Certificate Authority,O=FISICA.CABIB
>     Issuer:      CN=Certificate Authority,O=FISICA.CABIB
>     Valid From:  2014-01-14 12:56:57
>     Valid Until: 2034-01-14 12:56:57
> 
> Enrolled in IPA realm FISICA.CABIB
> Created /etc/ipa/default.conf
> Configured /etc/sssd/sssd.conf
> Configured /etc/krb5.conf for IPA realm FISICA.CABIB
> cannot connect to 'https://ipaserver.fisica.cabib/ipa/json': [SSL:
> CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch,
> certificate is not valid for 'ipaserver.fisica.cabib'. (_ssl.c:997)
> The ipa-client-install command failed. See
> /var/log/ipaclient-install.log for more information
> root@fisica75:~#
> 
> There is no Hostname mismatch for the server certificate. It has been
> working just fine for years with multiple distros as clients. I can
> access the website with the same URL and cert is just fine.
> 

The error message is pretty clear and comes out of openssl. Can we see
the web server certificate from that host? Can you confirm that the host
the client connected to is actually this host (e.g. DNS or /etc/hosts
issues)?

rob
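
The two checks asked for above, as an added example that is not part of the original thread or of FreeIPA: it reports which address the client actually reached and whether the requested name appears in the certificate's subjectAltName or only in the subject CN, since verifiers differ on whether they accept a CN-only match. The function names, the sample certificate and the CA file argument (a local copy of the IPA CA certificate) are assumptions made for the illustration.

```python
import socket
import ssl

# Constructed sample in SSLSocket.getpeercert() format: host name only in the subject CN.
SAMPLE_CN_ONLY = {"subject": ((("organizationName", "EXAMPLE.TEST"),),
                              (("commonName", "ipa.example.test"),))}


def names_in_cert(cert):
    """Return (SAN dNSName list, subject CN list) from a getpeercert() dict."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return san, cns


def _matches(pattern, host):
    """Case-insensitive compare; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h


def diagnose(cert, host):
    """Classify host against cert: 'match-san', 'match-cn-only' or 'mismatch'."""
    san, cns = names_in_cert(cert)
    if any(_matches(n, host) for n in san):
        return "match-san"
    if any(_matches(n, host) for n in cns):
        return "match-cn-only"
    return "mismatch"


def fetch_cert(host, cafile, port=443):
    """Verify the chain against cafile but skip the hostname check, so the
    certificate can be inspected; return (peer_ip, parsed certificate)."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeername()[0], tls.getpeercert()


if __name__ == "__main__":
    import sys
    host, cafile = sys.argv[1], sys.argv[2]  # server name, path to the CA certificate
    ip, cert = fetch_cert(host, cafile)
    print("connected to", ip, names_in_cert(cert), diagnose(cert, host))
```

Run it on the failing client with the server name from the error message; an unexpected address points at DNS or /etc/hosts, while 'match-cn-only' or 'mismatch' points at the certificate itself.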