Hi, I just wanted to say thank you to this list and especially to Rob Crittenden. I could not log in to freeipa-users; there may be a problem in logging in with social network accounts. So I am sending this as an email.

Firstly, my issue was FreeIPA was refusing to install my Comodo certificate with a signature algorithm complaint. I am writing how I solved this issue with a complete CLI:

    # recommended by Rob and significant milestone in solving my problem
    update-crypto-policies --set DEFAULT:SHA1

    # I received ca-bundle from my CA with my CRT file
    sudo ipa-cacert-manage -t C,, install my-domain.ca-bundle
    sudo ipa-certupdate

    # pem file includes all the certificate authority chain
    sudo ipa-server-certinstall --http --dirsrv mydomain.key mydomain.pem

I have only one question: Why did I need to add this CA file to my FreeIPA server? I mean, it is already signed with a public CA? Web servers can easily see it and do not throw any error when I install this certificate, but the same is not true when I install this certificate in IDM or in anything other than a web server. So why do they not know my CA automatically? Is it because this is especially designed for HTTPS connections? Do I need to request something different or from another vendor, such as VeriSign?

Thanks again..