On 11/14/2013 03:29 AM, Andrea Bontempi wrote: > I did some tests: The error occurs when I use a CA managed by EJBCA, > if I use a CA generated by openssl or nss everything works properly. > > The problem is that i can't reproduce the bug in an external nss > db... but maybe I don't follow the same steps that uses the > installation script.
Do we have a copy of the sub-CA cert and the CA cert which we can examine? There are a variety of rules (primarially in the cert extentions) which can cause validation failure if the extensions are not as expected. My guess is you've got something specified in the extensions which is unanticiapated or incorrect. -- John _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
