Bug
Resolution: Done-Errata
Major
rhel-9.4
ipa-4.11.0-2.el9
rhel-sst-idm-ipa
ssg_idm
2023-Q4-Alpha-S4
What were you trying to do that didn't work?
Installation of IPA with an externally signed CA
Please provide the package NVR for which bug is seen:
ipa-server-4.11.0-1.el9.x86_64
How reproducible:
100%
Steps to reproduce
- Generate a CSR with
/usr/sbin/ipa-server-install -p Secret123 -a Secret123 -r TESTREALM.TEST --setup-dns --forwarder 10.11.5.19 --domain testrealm.test --realm TESTREALM.TEST --external-ca -U
- Sign the CSR /root/ipa.csr with your external CA
- Continue the installation with the CA cert:
/usr/sbin/ipa-server-install --external-cert-file /tmp/nssdb/chain.crt -p Secret123 -U -p Secret123 -a Secret123 -r TESTREALM.TEST
Expected results
Installation should succeed
Actual results
Installation fails:
CA certificate CN=Certificate Authority,O=TESTREALM.TEST in /tmp/nssdb/chain.crt is not valid: not valid before 2023-10-06 16:56:56+00:00 UTC is in the future. The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
This is a RHEL 9.4 tracker for https://pagure.io/freeipa/issue/9462
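An added diagnostic, not part of the original report or of FreeIPA: it checks every certificate in a PEM bundle such as /tmp/nssdb/chain.crt against a reference time (by default the host's current UTC time), so a notBefore that really lies in the future can be told apart from an installer that misjudges a valid certificate. It assumes openssl and GNU date are installed; the function name check_not_before is hypothetical.

```shell
#!/bin/sh
# Added example (not FreeIPA code).
# Usage: check_not_before CHAIN.pem [NOW_EPOCH]
# Returns 0 if every certificate is already valid at NOW_EPOCH,
#         1 if at least one notBefore lies after NOW_EPOCH,
#         2 if the file holds no certificate or one cannot be parsed.
check_not_before() {
    chain=$1
    now=${2:-$(date -u +%s)}          # reference time, seconds since epoch (UTC)
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%03d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$chain"
    rc=2
    for f in "$tmp"/cert*.pem; do
        [ -f "$f" ] || break          # glob did not match: no certificates found
        if [ "$rc" -eq 2 ]; then rc=0; fi
        subject=$(openssl x509 -in "$f" -noout -subject) || { rc=2; break; }
        # openssl prints e.g. "notBefore=Oct  6 16:56:56 2023 GMT"
        start=$(openssl x509 -in "$f" -noout -startdate | cut -d= -f2)
        start_epoch=$(date -u -d "$start" +%s) || { rc=2; break; }   # GNU date
        if [ "$start_epoch" -gt "$now" ]; then
            echo "NOT YET VALID: $subject (notBefore $start, $((start_epoch - now))s ahead)"
            rc=1
        else
            echo "ok: $subject (notBefore $start)"
        fi
    done
    rm -rf "$tmp"
    return "$rc"
}
```

If this reports every certificate as `ok` while the installer still rejects the chain, the host clock and the signing CA's clock are not the cause.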
- links to RHBA-2023:121880 ipa bug fix and enhancement update