[Freeipa-users] Issue on import official cert of godaddy.
Rob Crittenden
rcritten at redhat.com
Mon Mar 31 14:07:59 UTC 2014
barrykfl at gmail.com wrote:
> Dear all:
> I have succesfful impont certs to http and ldap but some inssue arise.
> 1) when i click in service in the UI it still using OLD entries of seld
> sign cert and given out error ...pls see attachment,.
> How to reflect the godaddy cert there and it cannot be deleted .??
You're misreading this. The IPA CA is still installed and has issued
some certificates to some service (and probably hosts). I'm guessing you
removed the IPA CA certificate from /etc/httpd/alias. You need to add it
back to let IPA talk to its CA again.
> 2) when start up dirsrv it casue some warning out say:
> Starting dirsrv:
> ABS-COM...[31/Mar/2014:10:25:59 +0800] - SSL alert:
> CERT_VerifyCertificateNow: verify certificate failed for cert
> *.wisers.com <http://wisers.com> - GoDaddy.com, Inc. of family
> cn=RSA,c n=encryption,cn=config (Netscape Portable Runtime error
> -8172 - Peer's certificate iss uer has been marked as not trusted by
> the user.)
> any where i should import again to skip the error and realize the change
> no prompt out errors?
You need to add the GoDaddy CA cert chain to the 389-ds cert database in
/etc/dirsrv/slapd-ABS-COM/
rob
More information about the Freeipa-users
mailing list