[Freeipa] [Bug 1635568] Re: freeipa-client - Can't enroll a client if server has external CA certs in addition to self signed CA cert

2017-03-07 Thread Chris Gacsal
Hi Timo, Georgijs,

In our setup we use Let's Encrypt certificates for HTTPS/LDAPS and the solution was to add the "DST Root CA X3" to the NSS database at "/etc/pki/nssdb". I used the following command to do it:

$ certutil -A -n "DST Root CA X3" -t "C,," -i /etc/ssl/certs/DST_Root_CA_X3.pem -d sql:/et

[Freeipa] [Bug 1635568] Re: freeipa-client - Can't enroll a client if server has external CA certs in addition to self signed CA cert

2017-03-07 Thread Chris Gacsal
I have the same issue with FreeIPA deployment on Ubuntu 14.04.5 LTS. I have FreeIPA 4.3.x on the server side with Let's Encrypt certificates installed for HTTPS and LDAPS services.