Hi All
After deploying FreeIPA with an embedded self-signed CA, the ipa servers were configured
to use commercially signed, 3rd party certificates for the HTTP service only. The
directory server was left default. This was accomplished by importing the external CA and
then the signed certificate, following the instructions on
freeipa.org:
ipa-cacert-manage -t C,, install InCommon_interm.cer
ipa-certupdate
ipa-server-certinstall --http /var/lib/ipa/private/httpd.key
/var/lib/ipa/private/InCommon_signed.cer
ipactl restart
A commercially signed web certificate on the ipa servers is no longer required and we
would like to revert back to using certificates from the freeipa self-signed CA. Is there
a way to do so?
Regards,
Scott