I have FreeIPA running in a VM with a static IP assigned via dnsmasq with Traefik acting
as a reverse proxy. I have traefik grabbing wildcard certs for the domain. However, it
seems that FreeIPA does not like that as it has this error in the error log:
`SSL Library Error: - 12271 SSL client cannot verify your certificate`
I assume this is because the wildcard cert for the domain (
example.com/*.example.com) is
not the cert that FreeIPA is expecting?
When I try to access the web interface it returns: "Internal Server Error" and
adds another entry of "SSL Library Error: = 12271 SSL client cannot verify your
certificate"
What should I do to fix this, there is the CA-less install (
https://www.freeipa.org/page/V3/CA-less_install )
However that wants a long list of Certs (http_pkcs12, dirsrv_pkcs12, etc) and wants those
at install, do I just have to reinstall? Will doing a CA-less install even fix my
problem?
Thanks!