> [root@vagrant-centos-6 CA]# cat /root/server.pem >> Certificate: >> Data: >> Version: 3 (0x2) >> Serial Number: 2 (0x2) >> Signature Algorithm: sha1WithRSAEncryption >> Issuer: C=JP, ST=TK, L=TKK, O=MW, OU=ops, >> CN=vagrant.localdomain/[email protected] <mailto:[email protected]> >> >> Validity >> Not Before: Nov 6 05:12:09 2013 GMT >> Not After : Nov 6 05:12:09 2014 GMT >> Subject: O=MELTWATER.COM <http://MELTWATER.COM>, CN=Certificate >> >> Authority >> [snip] >> -----BEGIN CERTIFICATE----- >> MIIDfDCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADB5MQswCQYDVQQGEwJKUDEL >> MAkGA1UECAwCVEsxDDAKBgNVBAcMA1RLSzELMAkGA1UECgwCTVcxDDAKBgNVBAsM >> A29wczEcMBoGA1UEAwwTdmFncmFudC5sb2NhbGRvbWFpbjEWMBQGCSqGSIb3DQEJ >> [snip] >> > > Try removing everything before the -----BEGIN CERTIFICATE----- line from > the PEM.
Well that was unexpected: removing the BEGIN Certificate / End lines now makes the install proceed up until: The log file for this installation can be found in /var/log/ipaserver-install.log The PKCS#10 certificate is not signed by the external CA (unknown issuer E= [email protected],CN=vagrant-centos-6,OU=JP,O=JP,L=JP,ST=JP,C=JP). Do I need to do anything to make my freshly created internal CA trusted for the installation? I've tried the usual magic in /etc/pki/tls/certs, but to no avail.
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
