Ok, this is funny: ----------------------------------------------------------------------------------------------------- [root@dbm13 ca_rotta]# certutil -d sql:[nss db] -K certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" Enter Password or Pin for "NSS Certificate DB": < 0> rsa [hidden] ipa-ca-agent -----------------------------------------------------------------------------------------------------
The sub-ca doesn't have the private key. This is ridiculous... FreeIPA gave me the CSR... When i try to validate "ipa-ca-agent" with certutil i get this error: "Peer's certificate issuer is not recognized" (obvious if the certificate issuer does not have the private key) Andrea Bontempi _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
