[Freeipa-users] Adding a cert post install

Rob Crittenden rcritten at redhat.com
Tue Jul 28 22:06:02 UTC 2009


David Christensen wrote:
> If freeIPA was installed and a CA signed cert was not used during the
> install and instead the freeipa generated one was used, is it possible
> to import one post install?

There is a tool to do that, ipa-server-certinstall.

> If this is not possible or rather difficult, is it possible to
> back up the freeIPA DB and import it after a new install to use the legit
> CA cert?

It isn't too difficult to do but you have to understand the 
ramifications. When you create any replicas you'll need to provide two 
certificates for it (one for Apache and one for 389) in the form of 
PKCS#12 files and they need to be issued from the same CA as your other 
IPA servers (or they must already be trusted).

You just have to be very careful, basically.

rob
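
Added example, not part of the original thread: a pre-flight check for the requirement described above, confirming that the server certificate in each PKCS#12 file (one for Apache, one for 389) verifies against the same CA file. The function names and file names are hypothetical, and the CA file is assumed to be a PEM bundle holding the full chain of the CA your other IPA servers use.

```shell
#!/bin/sh
# Added example: confirm that the server certificate inside each PKCS#12
# file was issued by a CA in one PEM bundle. All names are assumptions.

# p12_leaf P12 PASSFILE
# Print the end-entity certificate from a PKCS#12 file as clean PEM.
# -clcerts drops any CA certificates bundled alongside the server cert.
p12_leaf() {
    openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 2>/dev/null
}

# check_p12_issuer CA_PEM PASSFILE P12...
# Returns 0 only if every PKCS#12 file yields a certificate that verifies
# against CA_PEM; returns 1 if any file is unreadable or chains elsewhere.
# Assumption: CA_PEM contains any intermediates needed to build the chain.
check_p12_issuer() {
    ca=$1; passfile=$2; shift 2
    rc=0
    for p12 in "$@"; do
        tmp=$(mktemp) || return 2
        if ! p12_leaf "$p12" "$passfile" > "$tmp" || [ ! -s "$tmp" ]; then
            echo "FAIL $p12: cannot read a certificate (wrong password?)" >&2
            rc=1
        elif openssl verify -CAfile "$ca" "$tmp" >/dev/null 2>&1; then
            echo "OK   $p12: $(openssl x509 -in "$tmp" -noout -subject)"
        else
            echo "FAIL $p12: not issued by a CA in $ca" >&2
            rc=1
        fi
        rm -f "$tmp"
    done
    return $rc
}

# Stand-alone use (hypothetical file names):
#   sh check.sh ca.pem p12-password.txt http.p12 dirsrv.p12
if [ "$#" -ge 3 ]; then
    check_p12_issuer "$@"
fi
```

The password is read from a file so it does not appear in the process list; both PKCS#12 files are assumed to share it.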