[Freeipa-users] Replace Self-Signed Cert
Dmitri Pal
dpal at redhat.com
Mon Oct 13 22:31:12 UTC 2014
On 10/13/2014 03:39 PM, quest monger wrote:
> I found some documentation for getting certificate signed by external
> CA (2.3.3.2. Using Different CA Configurations) -
> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/creating-server.html
>
>
> But looks like those instructions apply to a first time fresh install,
> not for upgrading an existing install.
>
>
>
> On Mon, Oct 13, 2014 at 3:24 PM, quest monger <quest.monger at gmail.com
> <mailto:quest.monger at gmail.com>> wrote:
>
> I was told by my admin team that Self-signed certs pose a security
> risk.
>
>
> On Mon, Oct 13, 2014 at 3:17 PM, Rob Crittenden
> <rcritten at redhat.com <mailto:rcritten at redhat.com>> wrote:
>
> quest monger wrote:
> > Hello All,
> >
> > I installed FreeIPA server on a CentOS host. I have 20+
> Linux and
> > Solaris clients hooked up to it. SSH and Sudo works on all
> clients.
> >
> > I would like to replace the self-signed cert that is used on
> Port 389
> > and 636.
> >
> > Is there a way to do this without re-installing the server
> and clients.
>
> Why do you want to do this?
>
> rob
>
>
>
>
>
Do I get it right that you installed IPA using self-signed certificate
and now want to change it?
What version of IPA you have? Did you use self-signed CA-less install or
using self-signed CA?
The tools to change the chaining are only being released in 4.1 so you
might have to move to latest when we release 4.1 for CentOS.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141013/70358325/attachment.htm>
More information about the Freeipa-users
mailing list