Hi Rob, same problem;
ipa-cacert-manage -n "Godaddy" -t CT,C,C install gd_bundle-g2-g1.crt -v
ipa: DEBUG: Starting external process
ipa: DEBUG: args=/usr/bin/certutil -d /tmp/tmpp31Uuq -N -f /tmp/tmp4TnBRN
ipa: DEBUG: Process finished, return code=0
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=
ipa: DEBUG: Starting external process
ipa: DEBUG: args=/usr/bin/certutil -d /tmp/tmpp31Uuq -A -n Godaddy -t C,,
ipa: DEBUG: Process finished, return code=0
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=
ipa: DEBUG: Starting external process
ipa: DEBUG: args=/usr/bin/certutil -d /tmp/tmpp31Uuq -A -n TEST.IPA.US IPA CA -t CT,C,C
ipa: DEBUG: Process finished, return code=0
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG: Destroyed connection context.ldap2_69179024
ipa.ipaserver.install.ipa_cacert_manage.CACertManage: DEBUG:   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_cacert_manage.py", line 113, in run
    rc = self.install()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_cacert_manage.py", line 356, in install
    "troubleshooting guide)" % e)
ipa.ipaserver.install.ipa_cacert_manage.CACertManage: DEBUG: The ipa-cacert-manage command failed, exception: ScriptError: Not a valid CA certificate: (SEC_ERROR_UNKNOWN_ISSUER) Peer's Certificate issuer is not recognized. (visit http://www.freeipa.org/page/Troubleshooting for troubleshooting guide)
ipa.ipaserver.install.ipa_cacert_manage.CACertManage: ERROR: Not a valid CA certificate: (SEC_ERROR_UNKNOWN_ISSUER) Peer's Certificate issuer is not recognized. (visit http://www.freeipa.org/page/Troubleshooting for troubleshooting guide)
ipa.ipaserver.install.ipa_cacert_manage.CACertManage: ERROR: The ipa-cacert-manage command failed.
You may need to break the bundle into discrete files if there are
multiple certificates in it.
rob
On 11 August 2017 at 11:47, Rob Crittenden <rcritten(a)redhat.com> wrote:
Adrian HY via FreeIPA-users wrote:
> Hi, I need to incorporate a godaddy certificate in freeipa.
>
> I have three files: 4dfc653ab0cf823d.crt, gd_bundle-g2-g1.crt and mykey.key.
>
> When I run the command * ipa-cacert-manage -n "Godaddy" -t CT,C,C
> install cert.pem* the output is
>
> ipa.ipaserver.install.ipa_cacert_manage.CACertManage: DEBUG: The
> ipa-cacert-manage command failed, exception: ScriptError: Not a valid CA
> certificate: not a CA certificate (visit
> http://www.freeipa.org/page/Troubleshooting for troubleshooting guide)
> ipa.ipaserver.install.ipa_cacert_manage.CACertManage: ERROR: Not a valid
> CA certificate: not a CA certificate
So you mention three files you have and your command references none of
them...
You want to pass gd_bundle-g2-g1.crt.
rob
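
Added example (not part of the thread and not FreeIPA code): one way to break a PEM bundle into discrete files, as suggested in the reply above. The function names, the gd prefix and the sample bundle are assumptions made for illustration; the sample blocks are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# split_bundle BUNDLE OUTDIR PREFIX
# Writes OUTDIR/PREFIX-1.crt, OUTDIR/PREFIX-2.crt, ... in bundle order and
# prints the number of certificates found. Text outside the BEGIN/END markers
# (comments, blank lines) is dropped and CRLF line endings are normalised.
split_bundle() {
    bundle=$1; outdir=$2; prefix=$3
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" -v pre="$prefix" '
        { sub(/\r$/, "") }
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/" pre "-" n ".crt"; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$bundle"
}

# Constructed sample: two placeholder PEM blocks, the first with CRLF endings.
make_sample_bundle() {
    printf '%s\r\n' '# intermediate (constructed)' \
        '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQtSU5URVJNRURJQVRF' \
        '-----END CERTIFICATE-----'
    printf '%s\n' '# root (constructed)' \
        '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQtUk9PVA==' \
        '-----END CERTIFICATE-----'
}

# Demo on the constructed sample. With a real bundle, inspect each output file
# to see which certificate issued which:
#   openssl x509 -in gd-1.crt -noout -subject -issuer
demo_dir=$(mktemp -d)
make_sample_bundle > "$demo_dir/bundle.crt"
echo "certificates written: $(split_bundle "$demo_dir/bundle.crt" "$demo_dir/out" gd)"
ls "$demo_dir/out"
rm -rf "$demo_dir"
```

Each resulting file can then be passed to ipa-cacert-manage install on its own.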