I have created an internal CA with openssl for my company, with a sub CA for signing certain services such as FreeIPA root CAs. The problem I am having is that I have signed the CSR and uploaded it back to the FreeIPA server, but when I try to run the second part of the install it errors out. The following is the command used to run the second part of the install:

    ipa-server-install --external-cert-file=/root/ipa.crt --external-cert-file=/root/internal-ca.cert.pem

This is the output:

    The log file for this installation can be found in /var/log/ipaserver-install.log
    Directory Manager password:
    ==============================================================================
    This program will set up the IPA Server.
    Version 4.12.2

    This includes:
      * Configure a stand-alone CA (dogtag) for certificate management
      * Configure the NTP client (chronyd)
      * Create and configure an instance of Directory Server
      * Create and configure a Kerberos Key Distribution Center (KDC)
      * Configure Apache (httpd)
      * Configure SID generation
      * Configure the KDC to enable PKINIT

    IPA CA certificate with subject 'CN=Certificate Authority,O=EAJ Global,OU=UK Internal Certificate Authority,C=GB' was not found in /root/ipa.crt,/root/internal-ca.cert.pem.

    The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information

I used openssl to verify the certificate subject matches:

    root@ipa1:~# openssl x509 -in /root/ipa.crt -noout -subject
    subject=C=GB, O=EAJ Global, OU=UK Internal Certificate Authority, CN=Certificate Authority

The only difference I see is the order of the subject line. But the subject itself is still valid. I am running Fedora 42 with the latest version in the repos installed. Any help would be appreciated.
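Added example, not part of the original post and not FreeIPA code: a small Python check that puts the two subject strings quoted in the message into the same order and compares them RDN by RDN. It assumes the installer's message prints the name in RFC 4514 order (most specific RDN first) while `openssl x509 -subject` prints it in encoding order; the function names are hypothetical.

```python
import re


def parse_rdns(dn):
    """Split a one-line DN into (ATTR, value) pairs, in the order written.

    Handles single-valued RDNs and backslash-escaped commas only.
    """
    dn = dn.strip().removeprefix("subject=")
    pairs = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def compare_subjects(installer_dn, openssl_subject):
    """Compare the two names after putting both in encoding order."""
    # Assumption: the installer prints RFC 4514 order, so reverse it.
    want = parse_rdns(installer_dn)[::-1]
    have = parse_rdns(openssl_subject)
    return {
        "same_attributes": sorted(want) == sorted(have),
        # RFC 5280 name matching requires the RDNs in the same order.
        "same_sequence": want == have,
        "mismatches": [
            (i, w, h) for i, (w, h) in enumerate(zip(want, have)) if w != h
        ],
    }


# Both strings are copied from the message above.
INSTALLER_DN = ("CN=Certificate Authority,O=EAJ Global,"
                "OU=UK Internal Certificate Authority,C=GB")
OPENSSL_SUBJECT = ("subject=C=GB, O=EAJ Global, "
                   "OU=UK Internal Certificate Authority, CN=Certificate Authority")

if __name__ == "__main__":
    result = compare_subjects(INSTALLER_DN, OPENSSL_SUBJECT)
    print("same attributes:", result["same_attributes"])
    print("same RDN sequence:", result["same_sequence"])
    for pos, wanted, found in result["mismatches"]:
        print(f"  position {pos}: expected {wanted}, certificate has {found}")
```

Under that assumption the two names carry the same attributes but place O and OU in opposite positions, so they are different RDN sequences.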
