Hi I just wanted to say thank you to this list and especially to Rob Crittenden.. I could not log in to freeipa-users, there may be a problem in logging in with social network accounts. So I am sending this as an email.. Firstly My issue was freeIpa was refusing to install my comodo certificate with a signature algorithm complain. I am writing how I solved this issue with a complete CLI #recommended by Rob and significant milestone in solving my problemupdate-crypto-policies --set DEFAULT:SHA1#I received ca-bundle from my CA with my CRT file sudo ipa-cacert-manage -t C,, install my-domain.ca-bundle sudo ipa-certupdate #pem file incudes all the certificate authority chain.. sudo ipa-server-certinstall --http --dirsrv mydomain.key mydomain.pem
I have only one questionWhy didIı need to add this ca file to my freeIPA server? I mean it is already sgined with a public CA? web servers can easily see and do not throw any error when I install this certificate. but same is not true when I install this certificate in IDM or in anyting other than a web server.. so why do they not know my CA automaticaly? is it because this is especially designed for HTTPS connections? Do I need to request something different or from another vendor, such as verisgn? Thanks again..
-- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
