On Wed, Jul 12, 2017 at 01:20:36PM -0400, Mark Haney via FreeIPA-users wrote:
> I'm really new to FreeIPA, and this is probably a stupid question, but I just set up a replica of the primary (not in production) IPA server we have. However, the replica's SSL cert is untrusted, while the primary IPA server's cert is fine. The docs I read said the SSL certs would be carried over when building the replica GPG file and installing the replica data.
> Have I missed something in the replication setup process?
Which version(s) of FreeIPA?
Which service(s) (HTTP, LDAP?).
What client program(s) were used to contact the servers? (The same client, or different?) Has the IPA CA cert been properly installed for the relevant clients / client systems?
Can you show us the good / bad certs?
(There are a lot of things to check when diagnosing PKI problems!)
Thanks, Fraser