Hi Disclaimer: I'm new on this mailing list but willing to share experience :)
Did you use "ipa-cacert-manage install -t C,," to install your external CA certificate? This command copies the certificate in cn=certificates,cn=ipa,cn=etc,dc=xxx
After this, you can use ipa-certupdate which will put the CA cert in all the needed NSS databases and update the nickname where needed.
Flo. On 06/23/2016 04:54 AM, [email protected] wrote:
Hi : I renew External CA cert below ...seem server-cert ok. But ca CERT FAIL.. I ALREADY PASTE ON /etc/httpd/alias /etc/dirsrv/slapd-PKI-IPA /etc/dirsv/slapd-ABX-com /var/lib/pki-ca/alias 's CA conf any idea? ABX-COM...[23/Jun/2016:10:42:32 +0800] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert Server-Cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8179 - Peer's Certificate issuer is not recognized.)
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
