On 01-Apr-2021, at 1:08 AM, Rob Crittenden <rcritten@redhat.com> wrote:
Ashwath Kumar via FreeIPA-users wrote:
Hello Team,
Can you please help us troubleshoot a custom SSL certificate for the FreeIPA service?
We are getting the below error while trying.
[root@ldap1 certs]# ipa-server-certinstall --http robosoftincom.crt robosoftincom.key
Directory Manager password:
Enter private key unlock password:
The full certificate chain is not present in robosoftincom.crt, robosoftincom.key
The ipa-server-certinstall command failed.
[root@ldap1 certs]#
IPA needs the entire certificate chain for the issuer of robosoftincom.crt.
You need to use ipa-cacert-manage to provide the chain to IPA, then run
ipa-certupdate on all enrolled machines, including IPA servers. Then
ipa-server-certinstall should succeed.
See https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
rob
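The sequence Rob describes, as an added example that is not part of the original thread or FreeIPA's own code: confirm that the CA files form a complete chain for the server certificate, then run ipa-cacert-manage, ipa-certupdate and ipa-server-certinstall in that order. The function names, the one-CA-certificate-per-file layout (root first) and the file names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. File names are placeholders.

# chain_is_complete CHAIN_PEM SERVER_CERT
# Succeeds only when SERVER_CERT verifies up to a self-signed root using the
# certificates in CHAIN_PEM alone. SSL_CERT_FILE/SSL_CERT_DIR point at a
# nonexistent path so OpenSSL's default trust store cannot fill in a CA
# that is missing from CHAIN_PEM.
chain_is_complete() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    SSL_CERT_FILE=/nonexistent SSL_CERT_DIR=/nonexistent \
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# install_http_cert SERVER_CERT SERVER_KEY CA_CERT...
# Assumption: each CA_CERT file holds one PEM CA certificate, root first.
# Nothing is changed in IPA unless the chain check passes.
install_http_cert() {
    [ "$#" -ge 3 ] || return 2
    cert=$1
    key=$2
    shift 2
    bundle=$(mktemp) || return 1
    cat "$@" > "$bundle"
    if ! chain_is_complete "$bundle" "$cert"; then
        echo "certificate chain for $cert is incomplete; IPA left untouched" >&2
        rm -f "$bundle"
        return 1
    fi
    rm -f "$bundle"
    # 1. Give IPA every CA certificate in the issuer chain.
    for ca in "$@"; do
        ipa-cacert-manage install "$ca" || return 1
    done
    # 2. Refresh the local trust stores. This step must also be run on all
    #    other enrolled machines, including IPA servers.
    ipa-certupdate || return 1
    # 3. Install the server certificate for the web service.
    ipa-server-certinstall --http "$cert" "$key"
}

# Usage (placeholder CA file names):
#   install_http_cert robosoftincom.crt robosoftincom.key root-ca.crt intermediate-ca.crt
```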