CA Certs included are Expired #50
Comments
|
Same, and I've no idea how to solve that. Did you manage to get it working? |
|
The quickest fix would be to go back in time to when the certificates were still valid. ipactl restart. Then try this patch #49 |
|
I tried to re-run the scripts and using the new script in #49 but it did not resolve the issue. But i found a solution! Ipa didn't have the full certificate chain for Let's Encrypt, so even though the browser was connecting correctly at the webui, the curl command was failing. My solution was to add the R10 and R11 certificates in the Hope it could be helpful to someone. |
|
I wish the intermediate certs weren't pinned. I refactored the setup script for myself based on comments from #49 but still couldn't achieve usable certificates. Also stated as: |
I have a similar issue which was written here #25, and maked all the steps which were provided to resolve, but at the end i have such error after disabling ssl check
ipa-certupdate
Connect error: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (certificate has expired)
The ipa-certupdate command failed.
ipa --version
VERSION: 4.9.13, API_VERSION: 2.251
in the docekrfile with image Centos-8-stream
The text was updated successfully, but these errors were encountered: