On Wed, Jul 12, 2017 at 01:20:36PM -0400, Mark Haney via FreeIPA-users wrote:
I'm really new to FreeIPA, and this is probably a stupid
question, but I
just setup a replica of the primary (not in production) IPA server we have.
However, the replica's SSL cert is untrusted, while the primary IPA server's
cert is fine. The docs I read said the SSL certs would be carried over when
building the replica GPG file and installing the replica data.
Have I missed something in the replication setup process?
Which version(s) of FreeIPA?
Which service(s) (HTTP, LDAP?).
What client program(s) were used to contact the servers? (The same
client, or different?) Has the IPA CA cert been properly installed
for the relevant clients / client systems?
Can you show us the good / bad certs?
{{There are a lot of things to check when diagnosing PKI problems!}}
Thanks,
Fraser