I'm testing SSL decryption on a firewall. The self-signed CA cert and private signing key that I started testing with are generated on the firewall itself, which works. So I am now trying to figure out how to generate a Sub CA with its own private signing key to be imported to the firewall. I'm not having any luck figuring out how to create a CA with its own key.
Is this possible? If so can someone help me with this task?
It seems that the last issue I had
has no easy resolution, so I'll try to bypass it.
What is the best way to migrate an IPA setup? Maybe "ipa migrate-ds"?
My goal is to reinstall from scratch an IPA server, and import (at
least) users, groups and group membership.
What will remain to do after that? Rejoin all clients? Rebuild HBAC? Add
misc services (nfs, ...)? What else?
P.S. I could even change the domain name (e.g. old domain: my.dom.ain,
new domain: second.dom.ain).
Which is the correct way to add a replication segment between two servers
(just one of them has CA role)?
I tried with "ipa topologysegment-add" and dragging it in the UI, but I
got "right node does not support suffix 'ca'".
Thanks in advance,
Trust you are well. You are very helpful.
I am trying to configure LibreNMS with FreeIPA but am having the below issues.
When I do ldapsearch, I get the below error.
Please help me with this; what do I need to do? Thanks
If I have my IPA replicas with DNS, I see that DNS is completely replicated between them.
But what if I need to have different DNS resolution for the same name in different locations? How can I achieve that with IPA DNS?
Below is the detailed example, if needed.
Suppose I have two sites - Site1 and Site2. And I have one IPA domain spanning across these sites. So in each site I have IPA replica(s) with DNS on them as well.
Now, suppose I have an internal IP range inside each site, but I need external IP addressing for inter-site connectivity. So I do NAT on the site border routers.
This sounds like a pretty standard setup...
Now, suppose I have a server myserver.site2.domain.com, located on Site2, with internal IP 10.1.1.1, with external IP 22.214.171.124.
This means that if someone from within Site2 needs to browse to it, they need to use 10.1.1.1, but people from outside (e.g. from Site1) must use 126.96.36.199.
So I need to have a different DNS resolution for the same name myserver.site2.domain.com...
How can I achieve that on IPA, if the DNS servers are all replicated between all replicas?
This sounds like a very standard requirement, so maybe I'm missing something basic here...
Can anyone throw some light on this? I'm also stuck here for the past few
days with the same error. I tried reinstalling the client, rebuilding the VM
again, adding a manual DNS entry... nothing seems to work.
Thanks for your help,