Kendrick . via FreeIPA-users wrote:
I have a manjorao desktop in the environment that i need to be able
to access the freeipa based systems and not get cert errors every where. I will probably
attempt to build the client on that system in the future but right now i just need the
certs freeipa made to be valid.
how does one go about exporting the root cert and then importing it in a way chrome will
accept its validity or is that a matter of getting the enterprise tools to force it to
work?
The trick is in distributing it securely. It is available in an insecure
way from http://<YOUR_IPA_MASTER>/ipa/config/ca.crt. Chrome may even
install the CA locally if you hit that directly.
I don't know how Manjaro handles a centralized CA bundle but I imagine
in a similar way as Ubuntu:
sudo cp ca.crt /usr/local/share/ca-certificates/ipa.pem
sudo update-ca-certificates
rob