[Freeipa-users] Re: IPA install with custom CA fails at SSL: CERTIFICATE_VERIFY_FAILED

Thank you Fraser - you hit the nail on the head! I had used openssl to create my Root CA and then an Intermediate CA following the guides at: https://jamielinux.com/docs/openssl-certificate-authority/ In that guide the extension for the intermediate is for pathlen:0 so I either need to change that to 1 or to sign the FreeIPA CSR using the Root certificate I generated with openssl. basicConstraints = critical, CA:true, pathlen:0 Many thanks for your help and I hope this questions helps someone in future.