On 07/17/2018 10:58 AM, Jan Gardian via FreeIPA-users wrote:
Could you please recommend procedure to replace self signed IPA
certificate with external signed CA?
I found this
if you want to replace a self-signed IPA CA with an externally signed
IPA CA, you need to use the instructions from
(that basically point to the link you already found).
ipa-cacert-manage renew --external-ca is the right tool for this procedure.
but it is for renewal and I am not sure if it can be used for
In manual pages for ipa-cacert-manage there is option install but in
statements it has: "Important: this does not replace IPA CA but adds the
provided certificate as a known CA. This is useful for instance when
using ipa-server-certinstall to replace HTTP/LDAP certificates with
third-party certificates signed by this additional CA."
With kind regards
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines