After installing a CA in a CA-less installations (using ipa-ca-install), the new CA certificate is not installed in /etc/httpd/alias. This causes communication failure between IPA framework and Dogtag (it cannot verify the Dogtag server certificate).
ipa-ca-install
/etc/httpd/alias
It is necessary for the admin to run ipa-certupdate before things work. But this should be done as a final step of ipa-ca-install.
ipa-certupdate
Metadata Update from @ftweedal: - Issue assigned to ftweedal
Metadata Update from @pvoborni: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1232
Metadata Update from @pvoborni: - Issue priority set to: important - Issue set to the milestone: FreeIPA 4.5.5
master:
ipa-4-6:
Metadata Update from @ftweedal: - Issue close_status updated to: fixed
Login to comment on this ticket.