Hello dear all,
I have problem for instalation FreeIPA server with public signature certificate.
Used this command:
ipa-server-install --external-ca --realm ISKRATEL.MK --domain iskratel.mk --hostname
ipa.iskratel.mk --ca-subject='CN=*.iskratel.mk'
ipa-server-install --external-cert-file=/root/cert/STAR_iskratel_mk.crt
--external-cert-file=/root/cert/My_CA_Bundle.ca-bundle.crt
The STAR_iskratel_mk.crt certificate is a wildcard on *.iskratel.mk. ( Issuer: Sectigo RSA
Domain Validation Secure Server CA, Sectigo Limited Write review of Sectigo )
The My_CA_Bundle.ca-bundle.crt certificate is a composed of server.crt + intermediate.crt
+ root_CA.crt ( Sectigo RSA Domain Validation Secure Server CA + USERTrust RSA
Certification Authority + AAA Certificate Services )
And get this error message:
ipapython.admintool: ERROR CA certificate CN=AAA Certificate Services,O=Comodo CA
Limited,L=Salford,ST=Greater Manchester,C=GB in /root/cert/STAR_iskratel_mk.crt,
/root/cert/chain.crt is not valid: not a CA certificate
Full error log link:
https://easyupload.io/auy0a8
I used this version:
Freeipa version: VERSION: 4.6.8
OS: CentOS Linux release 7.9.2009
Besr regards,
Goce Joncheski