ipa-client-install LDAP Error: Connect error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Solution Verified - Updated -

Issue

  • In some specific scenario, an IdM / IPA client installation may fail at the beginning with the following error:
root        : ERROR    LDAP Error: Connect error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Failed to verify that xxx.xxxx.example.com is an IPA server.

Environment

  • Red Hat Enterprise Linux 5.7

  • ipa-client-2.1.3-5.el5_92

  • Red Hat Enterprise Linux 5.8 IPA client:

  • Enroll this IPA client in one IPA domain

  • Un-register or un-configure that IPA client
  • Re-enroll this same IPA client into a different IPA domain / different set of IPA servers (could be for same domain name string)
Red Hat Enterprise Linux Server release 5.8 (Tikanga)
Linux ca1.example.com 2.6.18-308.11.1.el5 #1 SMP Fri Jun 15 15:41:53 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux
sssd-1.5.1-49.el5_8.1.x86_64      Mon 11 Jun 2012 11:56:14 PM PDT
ipa-client-2.1.3-2.el5_8.x86_64      Mon 11 Jun 2012 11:56:15 PM PDT

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content