James James wrote:
Hi,
I have followed this
http://freeipa.org/page/Certificate_Authority#Using_Certificates_From_a_Different_CA
and everything works well.
Now when, from the console, I execute
$ ipa user-find
I've got
[root@ipa ipa]# ipa user-find
ipa: ERROR: cert validation failed for "[email protected],CN=ipa.example.com,OU=TEST,O=TEST,C=FR"
((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked
as not trusted by the user.)
ipa: ERROR: cannot connect to u'http://ipa.lix.example.com/ipa/xml':
[Errno -8172] (SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has
been marked as not trusted by the user.
Any help will be very appreciated.

You need to add the CA certificate to /etc/pki/nssdb on the client and
mark it as trusted.
Note that installing certificates from another CA is not recommended and
you may run into further corner cases. If you have an existing CA then
installing the IPA dogtag CA as a subordinate is a better long-term
solution.
rob
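
The check and fix described in the reply above, as an added example that is not part of the original thread. It separates a CA that is absent from /etc/pki/nssdb from one that is present without trust; the nickname, the PEM path and the `C,,` trust string are assumptions.

```shell
NSSDB=/etc/pki/nssdb          # client database named in the reply
CA_NICK='External CA'         # assumed nickname for the CA entry
CA_PEM=/root/external-ca.pem  # assumed path to the CA certificate (PEM)
TRUST='C,,'                   # assumed: trusted CA for TLS server certs only

# Print the SSL trust field of nickname $1 from `certutil -L` output on stdin.
# Exit status 1 when the nickname is not listed.
ssl_trust_of() {
    awk -v nick="$1" '
        NF >= 2 {
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # drop the trust column
            if (name == nick) { split($NF, f, ","); print f[1]; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# Classify nickname $1 as trusted, untrusted or missing (listing on stdin).
ca_state() {
    if flags=$(ssl_trust_of "$1"); then
        # Capital C in the SSL field marks a trusted CA; lowercase c does not.
        case "$flags" in *C*) echo trusted ;; *) echo untrusted ;; esac
    else
        echo missing
    fi
}

# Import the CA, or fix its flags, so that it ends up trusted. Run as root.
ensure_ca_trusted() {
    case "$(certutil -L -d "$NSSDB" | ca_state "$CA_NICK")" in
        trusted)   echo "$CA_NICK is already trusted" ;;
        untrusted) certutil -M -d "$NSSDB" -n "$CA_NICK" -t "$TRUST" ;;
        missing)   certutil -A -d "$NSSDB" -n "$CA_NICK" -t "$TRUST" -a -i "$CA_PEM" ;;
    esac
}

# Constructed `certutil -L` listing: the CA is present but has no trust flags.
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

External CA                                                  ,,
Server-Cert                                                  u,u,u'

# Offline demonstration on the constructed listing; prints "untrusted".
printf '%s\n' "$SAMPLE_LISTING" | ca_state "$CA_NICK"
```

On a client, call `ensure_ca_trusted` as root and then re-run `ipa user-find`.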