On 31 Oct 2018, at 13:27, Andrey Bondarenko via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

It would create CSR for you on install.

When are they generated? I know it does that when configuring IPA as a sub-CA with “—external-ca", but without any CA I am supposed to specify the certificates when running ipa-server-install?

"You must request these certificates from a third-party authority prior to the installation:

An LDAP server certificate and a private key

An Apache server certificate and a private key

Full CA certificate chain of the CA that issued the LDAP and Apache server certificates”

And the only options relate to this seems to be the ones specifying the location of the certificates to use?

Thanks

Henrik