freeipa cert validation failed, not trusted by the user

asked 2015-09-07 11:31:39 -0500

mmarodin

Hi everyone.

I have a problem with my new FreeIPA installation, v4.1.0, on a RHEL 7-like distribution.

The installation was ok, but now I've some problems operating via CLI:

ipa user-show admin

ipa: ERROR: cert validation failed for "CN=srv01.ipa.mydomain.com,O=IPA.MYDOMAIN.COM" ((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.)
ipa: ERROR: cannot connect to 'https://srv01.ipa.mydomain.com/ipa/json': (SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.

I had the same problem connecting via curl, but after running these commands curl now works, though ipa CLI operations still do not:

certutil -A -d /etc/pki/nssdb -n 'IPA CA' -t CT,C,C -a -i /etc/ipa/ca.crt

certutil -L -d /etc/pki/nssdb

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

IPA CA                                                       CT,C,C

cp /etc/ipa/ca.crt /etc/pki/ca-trust/source/anchors/

update-ca-trust extract

And also this command doesn't work:

ipa trust-add --type=ad mydomain.com --admin Administrator --password

ipa: ERROR: cert validation failed for "CN=srv01.ipa.mydomain.com,O=IPA.MYDOMAIN.COM" ((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.)
ipa: ERROR: cannot connect to 'https://srv01.ipa.mydomain.com/ipa/json': (SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.

So ... what's the problem?

Let me know, thanks. Morgan

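The `certutil -L` listing in the question reports trust as three comma-separated flag groups (SSL, S/MIME, JAR/XPI), and a CA needs `C` in the SSL group to be trusted for issuing server certificates. As an added example that is not part of the original post, this shell function reads such a listing and reports the state of one nickname; the sample listing and the nickname `Old Internal CA` are constructed.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `certutil -L` output on stdin and prints, for the nickname in $1:
#   trusted      SSL flag group contains C (trusted to issue server certs)
#   not-trusted  nickname is present but has no C in the SSL group
#   missing      nickname is not in the listing
nss_ssl_trust() {
    awk -v want="$1" '
        # Data rows end in SSL,S/MIME,JAR/XPI flag groups made of letters only.
        # The two header lines never match (the legend contains "/").
        $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            flags = $NF
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # drop the flags column
            sub(/^[ \t]+/, "", nick)                # nicknames may contain spaces
            if (nick != want) next
            found = 1
            split(flags, group, ",")
            if (index(group[1], "C") > 0) ok = 1
        }
        END {
            if (!found)  print "missing"
            else if (ok) print "trusted"
            else         print "not-trusted"
        }'
}

# Constructed sample in the layout certutil prints.
sample_listing() {
cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

IPA CA                                                       CT,C,C
Old Internal CA                                              ,,
EOF
}

# Demo on the constructed sample. Against a live database:
#   certutil -L -d /etc/pki/nssdb | nss_ssl_trust 'IPA CA'
for nick in 'IPA CA' 'Old Internal CA' 'Other CA'; do
    printf '%s: %s\n' "$nick" "$(sample_listing | nss_ssl_trust "$nick")"
done
```

The same check can be run against each NSS database a client program reads, since trust flags are stored per database.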