Ashwath Kumar via FreeIPA-users wrote:
Hello Team,
Can you please help us to troubleshoot custom ssl certificate for freeipa service.
Getting below error while trying.
[root@ldap1 certs]# ipa-server-certinstall --http robosoftincom.crt robosoftincom.key
Directory Manager password:
Enter private key unlock password:
The full certificate chain is not present in robosoftincom.crt, robosoftincom.key
The ipa-server-certinstall command failed.
[root@ldap1 certs]#
IPA needs the entire certificate chain for the issuer of robosoftincom.crt
You need to use ipa-cacert-manage to provide the chain to IPA, then run
ipa-certupdate on all enrolled machines, including IPA servers. Then
ipa-server-certinstall should succeed.
See
https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
rob