[Freeipa-users] trying to setup cert with an internal CA

Rob Crittenden rcritten at redhat.com
Wed Nov 6 16:05:46 UTC 2013


Mike Calautti wrote:
> Hi,
>
> We have our own in-house CA.
>
> I ran ipa-server-install -a secret12 -r EXAMPLE.COM -P password -p
> secret12 -n ipaserver.example.com --external-ca
>
> It generated ipa.csr as expected..
>
> I used openssl to sign it on our internal CA.  I got the .crt file..
>
> I assume I need the private KEY that the IPA server generated when it
> did the install.. and I assume I need ipa-getcert command to find it?

No, you just need to re-run the installer with 
--external_cert_file=/path/to/server.pem 
--external_ca_file=/path/to/external_ca.pem

The installer will pick up where it left off and finish installing the 
CA and the other IPA components.

rob

> I can't seem to find it.. I am doing this because I assume I have to
> combine the CA files into a chain file and convert them to .p12 format?
>
> This is on
>
> Linux rdsdev01.com 3.4.61-9.el6.centos.alt.x86_64 #1 SMP Wed Sep 11
> 15:34:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
>
> cat /etc/redhat-release
>
> CentOS release 6.4 (Final)
>
> rpm -qav|grep -i ipa
>
> ipa-python-3.0.0-26.el6_4.4.x86_64
> ipa-server-selinux-3.0.0-26.el6_4.4.x86_64
> ipa-pki-ca-theme-9.0.3-7.el6.noarch
> libipa_hbac-1.9.2-82.10.el6_4.x86_64
> libipa_hbac-python-1.9.2-82.10.el6_4.x86_64
> ipa-client-3.0.0-26.el6_4.4.x86_64
> ipa-server-3.0.0-26.el6_4.4.x86_64
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> ipa-admintools-3.0.0-26.el6_4.4.x86_64
>
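
An added example, not part of the original thread or of FreeIPA: a pre-flight check to run on the signed certificate before re-running the installer with the two options given in the reply. It confirms the certificate carries the public key from `ipa.csr` (so no private key needs to be located or exported), that it chains to the external CA file, and that it is marked as a CA. The function names and the demo file names are assumptions, and all inputs are assumed to be PEM.

```shell
#!/bin/bash
# Added example (not from the thread): checks to run on the signed certificate
# before handing it back to ipa-server-install. Inputs are assumed to be PEM.

# check_signed_ca_cert CSR CERT CA_CHAIN
# Returns 0 if CERT is usable, 1 on key mismatch, 2 on chain failure,
# 3 if the certificate is not marked as a CA.
check_signed_ca_cert() {
    local csr="$1" cert="$2" chain="$3" csr_key cert_key
    # 1. Same public key as the CSR: the matching private key was generated
    #    by the installer and stays on the IPA server.
    csr_key=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 1
    cert_key=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    if [ "$csr_key" != "$cert_key" ]; then
        echo "FAIL: $cert was not issued for $csr" >&2; return 1
    fi
    # 2. The certificate must chain to the external CA file. Match on the
    #    "OK" line so the result does not depend on openssl's exit status.
    if ! openssl verify -CAfile "$chain" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $cert does not verify against $chain" >&2; return 2
    fi
    # 3. IPA will issue certificates under it, so it must be a CA certificate.
    if ! openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE'; then
        echo "FAIL: basicConstraints of $cert lacks CA:TRUE" >&2; return 3
    fi
    echo "OK: $cert matches $csr and chains to $chain"
}

# make_demo_pki DIR: constructed sample input (throwaway CA, CSR, two certs).
make_demo_pki() {
    local d="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Internal CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Certificate Authority" \
        -keyout "$d/ipa.key" -out "$d/ipa.csr" 2>/dev/null
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca_ext.cnf"
    # Signed correctly, as a subordinate CA:
    openssl x509 -req -in "$d/ipa.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/ca_ext.cnf" -out "$d/good.crt" 2>/dev/null
    # Signed as a plain end-entity certificate (no CA:TRUE):
    openssl x509 -req -in "$d/ipa.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null
}

# Run the check when called with three file arguments.
if [ "$#" -eq 3 ]; then check_signed_ca_cert "$@"; fi
```

Saved as a script, it takes the CSR, the signed certificate and the CA file as its three arguments; a non-zero exit status means the certificate should be re-issued rather than passed to the installer.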



