dmitriys via FreeIPA-users wrote:
Hi!
I rebuild my server now I use Centos 8
I installed freeipa :
# ipa-server-install
and try to change self sign certificate on Comodo.
My steps:
- get root CA from
gogetssl.com
- ipa-cacert-manage -p password -n ARAX -t C,, install /root/ca.crt
- ipa-certupdate
- ipa-server-certinstall -w -d /root/httpd_arax.key /root/httpd_arax.crt
and here i get an error
Directory Manager password:
Enter private key unlock password:
Peer's certificate issuer is not trusted (certutil: certificate is invalid:
Peer's Certificate issuer is not recognized.
). Please run ipa-cacert-manage install and ipa-certupdate to install the CA
certificate.
The ipa-server-certinstall command failed.
How i can fix it ?
You need the entire CA chain and not just the root. You're likely
missing one or more subordinates. Find those and install them the same
way using ipa-cacert-manage.
rob