[Freeipa-users] ipa-replica-install --setup-ca: do or don't?
Simo Sorce
simo at redhat.com
Mon Dec 28 18:11:18 UTC 2015
On Mon, 2015-12-28 at 13:10 +0100, Harald Dunkel wrote:
> Hi folks,
>
> how comes that '--setup-ca' is not the default for
> ipa-replica-install? What is best practice wrt creating
> a local ca on the replicas?
>
> Every insightful comment is highly appreciated.
There is no need to have a CA on every ipa server, so a CA is not
installed by default.
You can pass --setup-ca at install time or you can use ipa-ca-install
later on.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list