#5612 `ipa-cacert-manage install ` fails for intermediate CA certs
Closed: Fixed None Opened 5 years ago by jcholast.

ipa-cacert-manage install fails for intermediate (i.e. not self-signed) CA certs with the following error:

Installing CA certificate, please wait
Not a valid CA certificate: (SEC_ERROR_UNKNOWN_ISSUER) Peer's Certificate issuer is not recognized. (visit http://www.freeipa.org/page/Troubleshooting for troubleshooting guide)
The ipa-cacert-manage command failed.

Use case: required for setting up let's encrypt cert.


  • ef91346 cacert install: fix trust chain validation


  • 4fa8d3b cacert install: fix trust chain validation

Metadata Update from @jcholast:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.3.1

4 years ago

Login to comment on this ticket.