As part of this Fedora feature, we're working on having a standard location and API for installing system trust anchors. https://fedoraproject.org/wiki/Features/SharedSystemCertificates In Fedora 19 there's a standard location for Admins to add these system trust anchors. In Fedora 20, we want to add standard tools to do this task. ipa-client-install currently adds the root certificate for the domain to /etc/pki/nssdb. By instead using these new facilities, all applications using any of the standard locations (via OpenSSL, GnuTLS, NSS, java, and so on) will be able to use the FreeIPA CA root as a trusted anchor.
*** Bug 928479 has been marked as a duplicate of this bug. ***
We can choose to solve this in Fedora 19 or Fedora 20: Current Fedora 19: * Place the certificate authority in /etc/pki/ca-trust/source/anchors * Run 'p11-kit extract-trust' Wait for Fedora 20: * Run future standard tool to add the certificate authority
Upstream ticket: https://fedorahosted.org/freeipa/ticket/3504
*** Bug 974482 has been marked as a duplicate of this bug. ***
This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle. Changing version to '20'. More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/4a0e91449e2b65304ae8d660d1a480200b1a13d3
Related commit which is a requirement for patch above: https://fedorahosted.org/freeipa/changeset/60b472479d6427243b5ef51c4dd60cdcd9e52afd
freeipa-3.3.4-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/freeipa-3.3.4-1.fc20
Package freeipa-3.3.4-1.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing freeipa-3.3.4-1.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-1666/freeipa-3.3.4-1.fc20 then log in and leave karma (feedback).
Package freeipa-3.3.4-2.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing freeipa-3.3.4-2.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-1666/freeipa-3.3.4-2.fc20 then log in and leave karma (feedback).
Package freeipa-3.3.4-3.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing freeipa-3.3.4-3.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-1666/freeipa-3.3.4-3.fc20 then log in and leave karma (feedback).
freeipa-3.3.4-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.