[Freeipa-users] using 3rd party cert not self sign cert in ipa
Jan Cholasta
jcholast at redhat.com
Tue Mar 25 10:22:43 UTC 2014
On 25.3.2014 10:27, barrykfl at gmail.com wrote:
> Dear all:
> whe install it already genrate a self sign cert called mydomain.com
> <http://mydomain.com> . and run ca service. now i want to check if it
> ok to install 3rd party replcacing ..so
> to httpd my ldap it will be https: my co domain (official cert ). and
> replcabelow.
> /etc/ipa/ca.crt
> /usr/share/ipa/html/ca.crt
You don't have to touch these files if you only want to install your own
certificates for HTTP and LDAP.
> Is it possible ? or any side effect on the infrsturture if chane the cert,.
> http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
> I saw some info on web ...but i now already launch and many users
> connected. if i replaced the cert will it make the ldap invalid for
> exisiting users.???
You must make sure the CA certificate that signed your HTTP and LDAP
certificates is trusted on your client systems. If you do that,
everything should work fine.
> Regafs
> Barry
Honza
--
Jan Cholasta
More information about the Freeipa-users
mailing list