IdM client unable to obtain CA certificate from IdM server when enrolling using OTP

Solution Verified - Updated -

Issue

  • The IdM client fails to install when enrolling with a one-time password (OTP):

    # ipa-client-install -w <...> --unattended
    
    Discovery was successful!
    Client hostname: idm-client.idm.example.com
    Realm: IDM.EXAMPLE.COM
    DNS Domain: idm.example.com
    IPA Server: idm-server.idm.example.com
    BaseDN: dc=idm,dc=example,dc=com
    
    Downloading the CA certificate via HTTP, this is INSECURE
    Cannot obtain CA certificate
    'http://idm-server.idm.example.com/ipa/config/ca.crt' doesn't have a certificate.
    Installation failed. Rolling back changes.
    
  • Installation finished successfully when the admin principal was supplied:

    # ipa-client-install -p admin -w <...> --unattended
    

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
  • Red Hat Enterprise Linux 10
  • Red Hat Identity Management (IdM) / FreeIPA
    • ipa-server
