Can you please anyone suggest on this
From: Polavarapu Manideep Sai via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
Sent: 29 October 2022 19:23
To: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Cc: Polavarapu Manideep Sai <manideep.sai@onmobile.com>
Subject: [Freeipa-users] Installing Third-Party Certificates-Help
CAUTION. This email originated from outside the organization. Please exercise caution before
clicking on links or attachments in case of suspicion or unknown senders.
|
|
Hi Team,
We need your help or support
I have a master IPA server and 2 Replica IPA Servers, i want to install third party certificates in my setup
a. master.ipa.example.com
b. replica1.ipa.example.com
c. replica2.ipa.example.com
1. Generated new CSR/wildcard certificate on master IPA server for the domain "*.ipa.example.com" and shared to third party vendor and they have shared two zip files one for apache and other for tomcat as shown below, i see crt and pem
files in zip files as shown below after unzip
a. _.ipa.onmobile.com_Apache.zip
b. _.ipa.onmobile.com_TOMCAT.zip
unzipped:
[root@dir01 tmp]# tree Apache/
Apache/
†€€ 1f1f7ab616938168.crt
†€€ 1f1f7ab616938168.pem
†€€ gd_bundle-g2-g1.crt
„€€ _.ipa.onmobile.com_Apache.zip
0 directories, 4 files
[root@dir01 tmp]# tree Tomcat/
Tomcat/
†€€ 1f1f7ab616938168.crt
†€€ 1f1f7ab616938168.pem
†€€ gd_bundle-g2-g1.crt
†€€ gdig2.crt.pem
„€€ _.ipa.onmobile.com_TOMCAT.zip
0 directories, 5 files
2. Followed the Redhat documentation but not understood which of the following one is applicable in my case for the received certificates
Installing Third-Party Certificates for HTTP or LDAP
Installing a CA Certificate Manually
Can you please let us know the step by step procedure that how to install the certificates
can you please also comment on below query
3. If i install the certificate will it get replaced in "/etc/pki/pki-tomcat/alias/" database as well? along with httpd and dirsrv databases ?
/etc/pki/pki-tomcat/alias/
/etc/httpd/alias/
/etc/dirsrv/slapd-IPA-EXAMPLE-COM
Please let us know if any more details required
Sai