I recently had the certificates I use on my FreeIPA server expire,
preventing ipa from starting. So I replaced them with the new ones, and
IPA still wouldn't start, whereupon after some digging I discovered the
new certificates came with new Intermediate and root certificates. So I
installed those using ipa-cacert-manage, ran ipa-certupdate, and then
re-installed my certificates using ipa-server-certinstall, all of which
appeared to work. However, the IPA service still won't start, with the
issue apparently being that pki-tomcat isn't starting properly. Looking
at the /var/log/pki/pki-tomcat/ca/debug file shows that the reason for
this is:
Internal Database Error encountered: Could not connect to LDAP server host
freeipaserver-a.ravnalaska.net port 636 Error
netscape.ldap.LDAPException: Unable to create socket:
org.mozilla.jss.ssl.SSLSocketException: org.mozilla.jss.ssl.SSLSocketException:
SSL_ForceHandshake failed: (-8172) Peer's certificate issuer has been
marked as not trusted by the user. (-1)
Ok, sounds simple enough, so how do I mark the Peer's certificate issuer
as trusted? Thanks.
I think we need more information on your installation. Were you running
with 3rd party certificates for Apache/LDAP already? Why was the issuer
different?
Are the CA subsystem certificates still valid? `getcert list` should
show you.
rob
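As an added helper for the `getcert list` check suggested above (my own example, not code from either poster or from FreeIPA), this POSIX shell function scans saved `getcert list` output and reports every tracked certificate that is not in MONITORING state or whose expiry date is before a cutoff you pass in. The sample output it ships with is constructed; the request IDs and realm are made up.

```shell
#!/bin/sh
# Added example, not from the thread: flag certmonger-tracked certificates
# that are not in MONITORING state or whose "expires:" date is before CUTOFF.
# Dates are compared as ISO strings (YYYY-MM-DD), so no date(1) extension is needed.
# Usage: getcert list > /tmp/getcert.txt && getcert_problems 2020-06-01 /tmp/getcert.txt
getcert_problems() {
    awk -v cutoff="$1" -v q="'" '
        function report() {
            if (id == "") return
            reason = ""
            if (status != "MONITORING")                 reason = "status=" status
            else if (expires != "" && expires < cutoff) reason = "expired " expires
            if (reason != "") printf "%s\t%s\t%s\n", id, nick, reason
        }
        /^Request ID/ {
            report()
            id = $3; gsub("[" q ":]", "", id)   # strip quotes and trailing colon
            status = ""; nick = ""; expires = ""
        }
        /^[ \t]*status:/  { status = $2 }
        /^[ \t]*expires:/ { expires = $2 }      # e.g. "2021-01-01 00:00:00 UTC"
        nick == "" && /nickname=/ {
            match($0, "nickname=" q "[^" q "]*" q)
            nick = substr($0, RSTART + 10, RLENGTH - 11)
        }
        END { report() }
    ' "${2:--}"
}

# Constructed sample of `getcert list` output (IDs and paths' nicknames are illustrative):
# one healthy cert, one whose CA could not be reached, one already expired.
sample_getcert_output() {
    cat <<'EOF'
Number of certificates and requests being tracked: 3.
Request ID '20190101000001':
    status: MONITORING
    key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin set
    expires: 2021-01-01 00:00:00 UTC
Request ID '20190101000002':
    status: CA_UNREACHABLE
    key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin set
    expires: 2021-01-01 00:00:00 UTC
Request ID '20190101000003':
    status: MONITORING
    key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin set
    expires: 2020-03-01 00:00:00 UTC
EOF
}
```

Run `sample_getcert_output | getcert_problems 2020-06-01` to see the two problem entries; on a live server, feed it the real `getcert list` output instead.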