OK Thanks a lot for the solution and for the advice.
2012/9/19 Rob Crittenden <[email protected]>

> James James wrote:
>
>> Hi,
>>
>> I have followed this
>> http://freeipa.org/page/Certificate_Authority#Using_Certificates_From_a_Different_CA
>> and everything works well.
>>
>> Now when, from the console, I execute
>>
>> $ ipa user-find
>>
>> I've got
>>
>> [root@ipa ipa]# ipa user-find
>> ipa: ERROR: cert validation failed for "[email protected],CN=ipa.example.com,OU=TEST,O=TEST,C=FR"
>> ((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.)
>> ipa: ERROR: cannot connect to u'http://ipa.lix.example.com/ipa/xml':
>> [Errno -8172] (SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.
>>
>> Any help will be very appreciated ..
>
> You need to add the CA certificate to /etc/pki/nssdb on the client and
> mark it as trusted.
>
> Note that installing certificates from another CA is not recommended and
> you may run into further corner cases. If you have an existing CA then
> installing the IPA dogtag CA as a subordinate is a better long-term
> solution.
>
> rob
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
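
The fix described in the reply, as an added example that is not part of the original thread: import the external CA into the client NSS database with `certutil`, then confirm that its SSL trust column carries the `C` (trusted CA) flag. The nickname and certificate file path are placeholders chosen for illustration; only `/etc/pki/nssdb` comes from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. The database path is the one named in
# the reply; nicknames and file paths passed in are assumed placeholders.
NSSDB=/etc/pki/nssdb

# Import a PEM CA certificate and mark it as a trusted CA.
# usage: import_ca <nickname> <ca.pem>
import_ca() {
    certutil -A -d "$NSSDB" -n "$1" -t "CT,C,C" -a -i "$2"
}

# Read `certutil -L -d <db>` output on stdin and succeed only if <nickname>
# is present with the C flag in the SSL column. A missing entry or empty
# trust (",,") fails, which is the state behind SEC_ERROR_UNTRUSTED_ISSUER.
# usage: certutil -L -d "$NSSDB" | ssl_ca_trusted <nickname>
ssl_ca_trusted() {
    awk -v nick="$1" '
        # Certificate rows end in a field shaped like "SSL,S/MIME,JAR" flags;
        # the two header lines do not match this pattern.
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            flags = $NF
            name = $0
            sub(/[ \t]+[^ \t]+$/, "", name)   # drop the trust column
            sub(/^[ \t]+/, "", name)          # drop leading padding
            if (name == nick) {
                split(flags, f, ",")
                found = (f[1] ~ /C/) ? 1 : 2  # uppercase C = trusted CA
            }
        }
        END { exit (found == 1) ? 0 : 1 }
    '
}
```

After `import_ca`, running `certutil -L -d /etc/pki/nssdb | ssl_ca_trusted "<nickname>"` returns 0 only when the CA is actually trusted for SSL, which makes it usable as a post-change check in provisioning scripts.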
