[Freeipa-users] Public CA signed Certificate import failure
James Roman
james_roman at ssaihq.com
Fri Jul 17 14:41:35 UTC 2009
First off, thanks Rob for the direction on creating a certificate. After
reading up on Mozilla's NSS, I think I've got a pretty fair grounding.
So I successfully generated a CSR and had it signed. I imported my
certificate and CA chain into the NSS database and exported it to a
PKCS12 cert. I am primarily concerned with using the public cert on the
HTTP interface. However, when I go to import it using
ipa-server-certificate, it chokes on the names in the CA certificate
chain. (One of the certs uses full website address for the name.) I can
manually import each of the certificates in the CA chain using certutil
on the /etc/httpd/alias directory.
Will this work?
Are there any other configuration changes that I need to make the http
interface function properly (like changes in the nss.conf)?
What about manually modifying the directory server
(/etc/dirsrv/slapd-KRBDOMAIN)?
More information about the Freeipa-users
mailing list