Re: Problem installing FreeIPA with a public signature certificate

Hello dear all, I have problem for instalation FreeIPA server with public signature certificate. Used this command: ipa-server-install --external-ca --realm ISKRATEL.MK --domain iskratel.mk --hostname ipa.iskratel.mk --ca-subject='CN=*.iskratel.mk' ipa-server-install --external-cert-file=/root/cert/STAR_iskratel_mk.crt --external-cert-file=/root/cert/My_CA_Bundle.ca-bundle.crt The STAR_iskratel_mk.crt certificate is a wildcard on *.iskratel.mk. ( Issuer: Sectigo RSA Domain Validation Secure Server CA, Sectigo Limited Write review of Sectigo ) The My_CA_Bundle.ca-bundle.crt certificate is a composed of server.crt + intermediate.crt + root_CA.crt ( Sectigo RSA Domain Validation Secure Server CA + USERTrust RSA Certification Authority + AAA Certificate Services ) And get this error message: ipapython.admintool: ERROR CA certificate CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB in /root/cert/STAR_iskratel_mk.crt, /root/cert/chain.crt is not valid: not a CA certificate Full error log link: https://easyupload.io/auy0a8 I used this version: Freeipa version: VERSION: 4.6.8 OS: CentOS Linux release 7.9.2009 Besr regards, Goce Joncheski _______________________________________________ server mailing list -- server(a)lists.fedoraproject.org To unsubscribe send an email to server-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/server@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure