[Freeipa-users] Public CA signed Certificate import failure
Rob Crittenden
rcritten at redhat.com
Mon Jul 20 16:26:34 UTC 2009
James Roman wrote:
> First off, thanks Rob for the direction on creating a certificate. After
> reading up on Mozilla's NSS, I think I've got a pretty fair grounding.
>
> So I successfully generated a CSR and had it signed. I imported my
> certificate and CA chain into the NSS database and exported it to a
> PKCS12 cert. I am primarily concerned with using the public cert on the
> HTTP interface. However, when I go to import it using
> ipa-server-certificate, it chokes on the names in the CA certificate
> chain. (One of the certs uses full website address for the name.) I can
> manually import each of the certificates in the CA chain using certutil
> on the /etc/httpd/alias directory.
What do you mean by choke? Do you have a python backtrace or can you
send me the ipaserver-install.log?
> Will this work?
> Are there any other configuration changes that I need to make the http
> interface function properly (like changes in the nss.conf)?
> What about manually modifying the directory server
> (/etc/dirsrv/slapd-KRBDOMAIN)?
>
What distro are you using?
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20090720/ced04c14/attachment.bin>
More information about the Freeipa-users
mailing list