I have successfully installed for http and dir service.
Now i have one more query i.e there are default certificates which are valid for one year
as per attached SS.
Can you please help how can i renew it or it wont affect when its expired?
On 01-Apr-2021, at 1:08 AM, Rob Crittenden
Ashwath Kumar via FreeIPA-users wrote:
> Hello Team,
> Can you please help us to troubleshoot custom ssl certificate for freeipa service.
> Getting below error while trying.
> [root@ldap1 certs]# ipa-server-certinstall --http robosoftincom.crt
> Directory Manager password:
> Enter private key unlock password:
> The full certificate chain is not present in robosoftincom.crt, robosoftincom.key
> The ipa-server-certinstall command failed.
> [root@ldap1 certs]#
IPA needs the entire certificate chain for the issuer of robosoftincom.crt
You need to use ipa-cacert-manage to provide the chain to IPA, then run
ipa-certupdate on all enrolled machines, including IPA servers. Then
ipa-server-certinstall should succeed.
Robosoft Technologies - Emotion Engineering & Design
Disclaimer: This email may contain confidential material. If you were not an intended
recipient, please notify the sender and delete all copies. Emails to and from our network
may be logged and monitored. This email and its attachments are scanned for virus by our
scanners and are believed to be safe. However, no warranty is given that this email is
free of malicious content or virus.