Hello!
Guys, I had set up FreeIPA 4.5 on Centos 7 with self-signed SSL cert.
Now I want to install my main wildcard cert (from Comodo CA) for domain where IPA-server
located, just for web-service, so web browsers won't complain to users about ssl.
As expected - when I'm trying to do:
# ipa-server-certinstall -w comodo.crt comodo.key
I'm getting:
Peer's certificate issuer is not trusted ((SEC_ERROR_UNKNOWN_ISSUER) Peer's
Certificate issuer is not recognized.). Please run ipa-cacert-manage install and
ipa-certupdate to install the CA certificate.
The ipa-server-certinstall command failed.
I've found on
https://support.comodo.com/index.php?/comodo/Knowledgebase/Article/View/9...
all CA certs for Comodo and set them up via
# ipa-cacert-manage -p DM_PASSWORD -n NICKNAME -t C,, install ca.crt
# ipa-certupdate
As pointed on
https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
But nontheless, when I'm trying after it - ipa-server-certinstall, I get above error
anyway.
I'm starting to go crazy with it and don't know what should I do to solve this :(
Help me please!
Thank you.