Hi All,
We are using our own (selfsigned) root CA for our installations. We just
started to use ipa and after exploring the possibilities we want to switch
to the root CA we normally use. According to [1] it should be done using
these instruction [2]. When we tray to renew the certificate we get this
error:
[root@ipa ~]# ipa-cacert-manage renew
--external-cert-file=/root/Certificate_Authority.pem
--external-cert-file=root.cer
t
Importing the renewed CA certificate, please wait
CA certificate chain in /root/Certificate_Authority.pem, root.cert is
incomplete: missing certificate with subject 'CN=Example SCRL'
The ipa-cacert-manage command failed.
When we check the subject of the file, it seems to be correct to me:
[root@ipa ~]# openssl x509 -noout -subject -in /root/root.cert
subject= /CN=Example SCRL
Is there anyone who can help me with this?
Kind regards,
wim vinckier.
[1]
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
[2]
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
--
I would love to change the world, but they wont give me the source code.