Hello,
Could you please recommend procedure to replace self signed IPA certificate with external signed CA?
I found this
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/linux_domain_identity_authentication_and_policy_guide/index#manual-cert-renewal-ext
but it is for renewal and I am not sure if it can be used for replacement.
In manual pages for ipa-cacert-manage there is option install but in statements it has: "Important: this does not replace IPA CA but adds the provided certificate as a known CA. This is useful for instance when using ipa-server-certinstall to replace HTTP/LDAP certificates with third-party certificates signed by this additional CA."
Thank you
--
With kind regards
Ján Gardian
Administrator
CYAN RD