Hi,
the question is a bit ambiguous: are you referring to the self-signed IPA CA that you would like to replace with an externally-signed IPA CA?
If that's the case, it's possible, please read demystifying the certificate authority component in freeipa especially the "What if... " section and Renewing the IdM CA renewal server with an externally-signed certificate

HTH,
flo

On Fri, Oct 1, 2021 at 9:02 PM Rob Crittenden via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
MERCIER Jonathan via FreeIPA-users wrote:
> Dear,
> Firstly thanks to freeipa team for their amazing works on this tools suite.
>
> I would like to know how to change the self signed certificate by a bought domain certificate in order to get a signed certificate for each services?
>
> Thanks a lot
>
> Have a nice day (and weekend)

I think you mean this:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/replace-http-ldap-cert

This is for RHEL-7 but it shouldn't be substantially different for
subsequent versions.

rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure