[Freeipa-users] ipa-replica-prepare failed
Rob Crittenden
rcritten at redhat.com
Fri Feb 8 18:25:39 UTC 2013
Orion Poplawski wrote:
> On 02/08/2013 06:44 AM, Rob Crittenden wrote:
>> James James wrote:
>>> I had to set the --dirsrv_pkcs12, --dirsrv_pin, --http_pkcs12,
>>> --http_pin and the ipa-replica-prepare command runs without failure.
>>>
>>> Thanks for your help.
>>
>> Yes, this is what I was going to suggest. Using ipa-server-certinstall
>> replace
>> the IPA CA with an external one.
>>
>> I should note that we're deprecating this tool and do not recommend
>> that it be
>> used. We instead suggest that if you need certificates from an
>> external CA you
>> get the IPA CA signed as a subordinate.
>>
>> rob
>
> Is that possible to do from a commercial SSL certificate provider?
>
>
GeoTrust does, I don't know about any others.
http://www.prnewswire.com/news-releases/geotrust-launches-georoot-allows-organizations-with-their-own-certificate-authority-ca-to-chain-to-geotrusts-ubiquitous-public-root-54048807.html
rob
More information about the Freeipa-users
mailing list