Dear, Firstly thanks to freeipa team for their amazing works on this tools suite.
I would like to know how to change the self signed certificate by a bought domain certificate in order to get a signed certificate for each services?
Thanks a lot
Have a nice day (and weekend)
MERCIER Jonathan via FreeIPA-users wrote:
Dear, Firstly thanks to freeipa team for their amazing works on this tools suite.
I would like to know how to change the self signed certificate by a bought domain certificate in order to get a signed certificate for each services?
Thanks a lot
Have a nice day (and weekend)
I think you mean this:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
This is for RHEL-7 but it shouldn't be substantially different for subsequent versions.
rob
Hi, the question is a bit ambiguous: are you referring to the self-signed IPA CA that you would like to replace with an externally-signed IPA CA? If that's the case, it's possible, please read demystifying the certificate authority component in freeipa https://floblanc.wordpress.com/2017/12/05/demystifying-the-certificate-authority-component-in-freeipa/ especially the "What if... " section and Renewing the IdM CA renewal server with an externally-signed certificate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/configuring_and_managing_identity_management/index#renew-with-externally-signed-CA_ipa-ca-renewal
HTH, flo
On Fri, Oct 1, 2021 at 9:02 PM Rob Crittenden via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
MERCIER Jonathan via FreeIPA-users wrote:
Dear, Firstly thanks to freeipa team for their amazing works on this tools
suite.
I would like to know how to change the self signed certificate by a
bought domain certificate in order to get a signed certificate for each services?
Thanks a lot
Have a nice day (and weekend)
I think you mean this:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
This is for RHEL-7 but it shouldn't be substantially different for subsequent versions.
rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Thanks @Florenceand @Rob I am looking to add anotherCertificate autority in order to sign certificate and to avoid the web browser message "warning it is a self signed cert....."
I will read those documentation
freeipa-users@lists.fedorahosted.org