john doe via FreeIPA-users wrote:
can't pass the expection below on freeipa-client-install:
> libcurl failed to execute the HTTP POST transaction, explaining: Problem with the
SSL CA cert (path? access rights?)
Not sure if this is causative to the message, curling - the cacert manually works without
a hitch.
Works manually how?
FreeIPA Server: Centos 8.2, looks nominal, the client is on Centos
7.
Debug log:
https://pastebin.com/eEhd7e0e
The LDAP request for the cert fails with:
Server
ldap/dc-22a5aeca6717.atmospheric-chemistry-testbed.eu(a)ATMOSPHERIC-CHEMISTRY-TESTBED.EU
not found in Kerberos database
So it could be a naming issue. Is one of your IPA servers actually
dc-22a5aeca6717.atmospheric-chemistry-testbed.eu? I'd look in the
keytabs on that machine and/or the certs to be sure those have the right
naming.
rob