Ashwath Kumar via FreeIPA-users wrote:
Thanks Rob.
I have successfully installed for http and dir service.
Now i have one more query i.e there are default certificates which are
valid for one year as per attached SS.
Can you please help how can i renew it or it wont affect when its expired?
The default certificates issued by IPA are tracked by certmonger and
will be renewed when they approach expiration.
rob
Regards
Ashwath
> On 01-Apr-2021, at 1:08 AM, Rob Crittenden <rcritten(a)redhat.com
> <mailto:rcritten@redhat.com>> wrote:
>
> Ashwath Kumar via FreeIPA-users wrote:
>> Hello Team,
>>
>> Can you please help us to troubleshoot custom ssl certificate for
>> freeipa service.
>>
>> Getting below error while trying.
>>
>> [root@ldap1 certs]# ipa-server-certinstall --http robosoftincom.crt
>> robosoftincom.key
>> Directory Manager password:
>>
>> Enter private key unlock password:
>>
>> The full certificate chain is not present in robosoftincom.crt,
>> robosoftincom.key
>> The ipa-server-certinstall command failed.
>> [root@ldap1 certs]#
>
> IPA needs the entire certificate chain for the issuer of robosoftincom.crt
>
> You need to use ipa-cacert-manage to provide the chain to IPA, then run
> ipa-certupdate on all enrolled machines, including IPA servers. Then
> ipa-server-certinstall should succeed.
>
>
> See
https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
>
> rob
>
----------------------------------------------------
Robosoft Technologies - Emotion Engineering & Design
Disclaimer: This email may contain confidential material. If you were
not an intended recipient, please notify the sender and delete all
copies. Emails to and from our network may be logged and monitored. This
email and its attachments are scanned for virus by our scanners and are
believed to be safe. However, no warranty is given that this email is
free of malicious content or virus.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure