Thanks Rob.

I have successfully installed for http and dir service.


Now I have one more query, i.e. there are default certificates which are valid for one year, as per the attached SS.

Can you please help: how can I renew it, or won't it affect anything when it's expired?

Regards
Ashwath

On 01-Apr-2021, at 1:08 AM, Rob Crittenden <rcritten@redhat.com> wrote:

Ashwath Kumar via FreeIPA-users wrote:
Hello Team,

Can you please help us troubleshoot a custom SSL certificate for the FreeIPA service?

Getting the below error while trying.

[root@ldap1 certs]# ipa-server-certinstall --http robosoftincom.crt robosoftincom.key
Directory Manager password: 

Enter private key unlock password: 

The full certificate chain is not present in robosoftincom.crt, robosoftincom.key
The ipa-server-certinstall command failed.
[root@ldap1 certs]# 

IPA needs the entire certificate chain for the issuer of robosoftincom.crt.

You need to use ipa-cacert-manage to provide the chain to IPA, then run
ipa-certupdate on all enrolled machines, including IPA servers. Then
ipa-server-certinstall should succeed.


See https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP

rob
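
The sequence from the reply above, preceded by a local check for the "full certificate chain is not present" condition, as an added example that is not part of the original thread or of FreeIPA's own code. The function names and all file names are assumptions, as is installing the CA certificates one file at a time with the root first.

```shell
# Added illustration; function and file names are assumptions.

# Succeeds only if CERT chains to a self-signed root using nothing but the
# CA certificate files listed after it (the system trust store is ignored).
chain_is_complete() {
    cert=$1; shift
    [ "$#" -ge 1 ] || return 1            # no CA certificates supplied
    bundle=$(mktemp) || return 2
    cat "$@" > "$bundle" 2>/dev/null
    openssl verify -no-CAfile -no-CApath -CAfile "$bundle" "$cert" >/dev/null 2>&1
    rc=$?
    rm -f "$bundle"
    return $rc
}

# Usage: install_http_cert CERT KEY ROOT_CA [INTERMEDIATE_CA ...]
install_http_cert() {
    cert=$1; key=$2; shift 2
    if ! chain_is_complete "$cert" "$@"; then
        echo "issuer chain for $cert is incomplete; stopping before ipa-server-certinstall" >&2
        return 1
    fi
    # Assumed ordering: root first, so each issuer is known before the next CA.
    for ca in "$@"; do
        ipa-cacert-manage install "$ca" || return 1
    done
    # Refreshes the local trust stores; run this on every enrolled machine too.
    ipa-certupdate || return 1
    ipa-server-certinstall --http "$cert" "$key"
}
```

Run as root on the IPA server, for example `install_http_cert server.crt server.key root-ca.crt intermediate-ca.crt` (constructed file names).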