On 08/28/2017 04:00 PM, Rob Morin via FreeIPA-users wrote:
Hello all...
So i have a wildcard cert from geotrust.
I am running freeipa V4.4 fresh install no users yet
I downloaded and installed their GeoTrust Primary Certification Authority root cert from
here -->
https://www.geotrust.com/resources/root-certificates/
I ran this command to import it...
ipa-cacert-manage -p password -n httpcrt -t C,, install root_ca.crt
I get back this ;
Installing CA certificate, please wait
CA certificate successfully installed
The ipa-cacert-manage command was successful
Then i go to install just the http cert for freeipa as dictated by company policy
Then I run this...
ipa-certupdate
Then i go to add the cert like this...
ipa-server-certinstall -w star_domain_com.key star_domain_com.crt
Directory Manager password:
Enter private key unlock password:
I get this back....
The full certificate chain is not present in star_domain_com.key, star_domain_com.crt
The ipa-server-certinstall command failed.
So I combined the bundle and cert into one file, still a no go , i tried bot ways cert
first then bundle, and bundle first then cert, still a no go.
Any ideas?
Thanks..
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Hi,
is your http cert directly signed by the CA root_ca.crt, or does the
cert chain contain additional certificates? In the latter case, you need
to add each intermediate certificate with ipa-cacert-manage +
ipa-certupdate before running ipa-server-certinstall.
HTH,
Flo