On 07/17/2018 10:58 AM, Jan Gardian via FreeIPA-users wrote:
Hello,
Could you please recommend procedure to replace self signed IPA
certificate with external signed CA?
I found this
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
Hi,
if you want to replace a self-signed IPA CA with an externally signed
IPA CA, you need to use the instructions from
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
(that basically point to the link you already found).
ipa-cacert-manage renew --external-ca is the right tool for this procedure.
HTH,
Flo
but it is for renewal and I am not sure if it can be used for
replacement.
In manual pages for ipa-cacert-manage there is option install but in
statements it has: "Important: this does not replace IPA CA but adds the
provided certificate as a known CA. This is useful for instance when
using ipa-server-certinstall to replace HTTP/LDAP certificates with
third-party certificates signed by this additional CA."
Thank you
--
With kind regards
*Ján Gardian*
Administrator
CYAN RD
**
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...