FYI: we sorted this out on the #freeipa IRC channel.
On Fri, 26 March 2021, Goce Joncheski wrote:
Hello dear all,
I have a problem installing a FreeIPA server with a public signature certificate.
I used these commands:
ipa-server-install --external-ca --realm ISKRATEL.MK --domain iskratel.mk --hostname ipa.iskratel.mk --ca-subject='CN=*.iskratel.mk'
ipa-server-install --external-cert-file=/root/cert/STAR_iskratel_mk.crt --external-cert-file=/root/cert/My_CA_Bundle.ca-bundle.crt
The STAR_iskratel_mk.crt certificate is a wildcard on *.iskratel.mk (Issuer: Sectigo RSA Domain Validation Secure Server CA, Sectigo Limited).
The My_CA_Bundle.ca-bundle.crt certificate is composed of server.crt + intermediate.crt + root_CA.crt (Sectigo RSA Domain Validation Secure Server CA + USERTrust RSA Certification Authority + AAA Certificate Services).
And I get this error message:
ipapython.admintool: ERROR CA certificate CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB in /root/cert/STAR_iskratel_mk.crt, /root/cert/chain.crt is not valid: not a CA certificate
Full error log link:
https://easyupload.io/auy0a8
I used this version:
Freeipa version: VERSION: 4.6.8
OS: CentOS Linux release 7.9.2009
Best regards,
Goce Joncheski
_______________________________________________
server mailing list -- server(a)lists.fedoraproject.org