Hello,

After installing FreeIPA, I followed the instructions from http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP to use globally trusted certificates for the HTTP/LDAP server interface to secure other systems provisioning.
Then it turned out that pki-tomcatd is not able to start anymore because of this:

| NFO: Deploying web application directory /var/lib/pki/pki-tomcat/webapps/ca
| SSLAuthenticatorWithFallback: Creating SSL authenticator with fallback
| SSLAuthenticatorWithFallback: Setting container
| SSLAuthenticatorWithFallback: Initializing authenticators
| SSLAuthenticatorWithFallback: Starting authenticators
| 01:48:31,313 DEBUG (org.jboss.resteasy.plugins.providers.DocumentProvider:60) - Unable to retrieve ServletContext: expandEntityReferences defaults to true
| 01:48:31,320 DEBUG (org.jboss.resteasy.plugins.providers.DocumentProvider:60) - Unable to retrieve ServletContext: expandEntityReferences defaults to true
| Internal Database Error encountered: Could not connect to LDAP server host ipa.mydomain.com port 636 Error netscape.ldap.LDAPException: IO Error creating JSS SSL Socket (-1)

Meanwhile dirsrv tells me "Peer does not recognize and trust the CA that issued your certificate."

I tried to fix trust by adding various certificates with certutil to /etc/dirsrv/slapd/ and /etc/pki/pki-tomcat/alias/, but nothing helped.

Does anyone have a suggestion on how to fix the situation?

--
Best regards,
Vladimir Kulev
Mobile: +358400369346, +79215554422
Jabber: [email protected]
Skype: lightoze
