I am using SSL issued by an external CA (GoDaddy) for my FreeIPA servers. I have 
installed the cert using the IPA cert installation tools; however, on Ubuntu 
20.04 clients, I receive the following error:

```
Setting up ca-certificates (20210119~20.04.2) ...
Updating certificates in /etc/ssl/certs...
sed: can't read /usr/local/share/ca-certificates/ipa-ca/CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com, Inc.,L=Scottsdale,ST=Arizona,C=US 0.crt: No such file or directory
```

This error is seen when trying to perform package updates on these servers.  
The only workaround I have found so far is to uninstall the freeipa client, run 
my package updates, then re-install the client.  This is obviously not an ideal 
solution.  

Here are the commands used to install the certs:

```
ipa-cacert-manage -p {{ ipa_dirman_pass }} -n GoDaddyBundle2019 -t C,, install /opt/ipa-ssl/godaddy.ca.crt
ipa-server-certinstall -w -d /opt/ipa-ssl/ipa.domain.key /opt/ipa-ssl/ipa.domain.crt --dirman-password={{ ipa_dirman_pass }} --pin=''
ipa-certupdate
```

Certs and all other clients appear to work without issue. 

IPA Server version: 

ipa-server-4.6.8-5.el7.centos.7.x86_64

IPA Client version:

freeipa-client                     4.8.6-1ubuntu2

