Hello all...
So I have a wildcard cert from GeoTrust. I am running FreeIPA V4.4, fresh install, no users yet. I downloaded and installed their GeoTrust Primary Certification Authority root cert from here --> https://www.geotrust.com/resources/root-certificates/ I ran this command to import it...
ipa-cacert-manage -p password -n httpcrt -t C,, install root_ca.crt
I get back this:
Installing CA certificate, please wait
CA certificate successfully installed
The ipa-cacert-manage command was successful
Then I go to install just the http cert for FreeIPA as dictated by company policy.
Then I run this...
ipa-certupdate
Then I go to add the cert like this...
ipa-server-certinstall -w star_domain_com.key star_domain_com.crt
Directory Manager password:
Enter private key unlock password:
I get this back....
The full certificate chain is not present in star_domain_com.key, star_domain_com.crt
The ipa-server-certinstall command failed.
So I combined the bundle and cert into one file, still a no go. I tried both ways, cert first then bundle, and bundle first then cert, still a no go. Any ideas?
Thanks..
On 08/28/2017 04:00 PM, Rob Morin via FreeIPA-users wrote:
> Hello all...
> So I have a wildcard cert from GeoTrust. I am running FreeIPA V4.4, fresh install, no users yet. I downloaded and installed their GeoTrust Primary Certification Authority root cert from here --> https://www.geotrust.com/resources/root-certificates/ I ran this command to import it...
> ipa-cacert-manage -p password -n httpcrt -t C,, install root_ca.crt
> I get back this:
> Installing CA certificate, please wait
> CA certificate successfully installed
> The ipa-cacert-manage command was successful
> Then I go to install just the http cert for FreeIPA as dictated by company policy.
> Then I run this...
> ipa-certupdate
> Then I go to add the cert like this...
> ipa-server-certinstall -w star_domain_com.key star_domain_com.crt
> Directory Manager password:
> Enter private key unlock password:
> I get this back....
> The full certificate chain is not present in star_domain_com.key, star_domain_com.crt
> The ipa-server-certinstall command failed.
> So I combined the bundle and cert into one file, still a no go. I tried both ways, cert first then bundle, and bundle first then cert, still a no go. Any ideas?
> Thanks..
Hi,
is your http cert directly signed by the CA root_ca.crt, or does the cert chain contain additional certificates? In the latter case, you need to add each intermediate certificate with ipa-cacert-manage + ipa-certupdate before running ipa-server-certinstall.
HTH, Flo
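
The chain check described in the reply above, as an added example (not part of the thread and not FreeIPA code): it walks issuer links from the server certificate up to the root and prints the CA imports in root-first order. The script name and argument layout are assumptions; the trust flags `C,,` and the `-w` option are taken from the commands in the original post, and `-p`/`-n` are left out.

```shell
#!/bin/sh
# Added example. Inputs: LEAF.crt, and BUNDLE.crt holding the intermediates plus the root.

# Split PEM bundle $1 into $2/cert-1.pem, $2/cert-2.pem, ...
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
}

# True when the issuer DN of cert $1 equals the subject DN of cert $2.
# This is a name match only, not a signature check.
issued_by() {
    [ "$(openssl x509 -in "$1" -noout -issuer_hash)" = \
      "$(openssl x509 -in "$2" -noout -subject_hash)" ]
}

# Print the CA files in directory $2 that leaf $1 chains through, root first.
chain_root_first() {
    cur=$1; order=""; depth=0
    while [ "$depth" -lt 10 ]; do          # bound the walk against issuer loops
        next=""
        for ca in "$2"/cert-*.pem; do
            [ "$ca" != "$cur" ] && issued_by "$cur" "$ca" && { next=$ca; break; }
        done
        [ -z "$next" ] && break
        order="$next $order"; depth=$((depth + 1))
        issued_by "$next" "$next" && break  # self-signed root reached
        cur=$next
    done
    echo $order
}

# Usage: sh chain-plan.sh LEAF.crt BUNDLE.crt   (prints the commands, runs none)
if [ $# -eq 2 ]; then
    dir=$(mktemp -d) && split_bundle "$2" "$dir"
    for ca in $(chain_root_first "$1" "$dir"); do
        openssl x509 -in "$ca" -noout -subject
        echo "ipa-cacert-manage -t C,, install $ca"
    done
    echo "ipa-certupdate"
    echo "ipa-server-certinstall -w <private key file> $1"
fi
```

If the printed list holds more than one file, the server certificate is not signed directly by the root and every listed CA has to be imported before `ipa-server-certinstall` is run.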