[Freeipa-users] Switch to 3rd party SSL
Rob Crittenden
rcritten at redhat.com
Wed Jan 7 20:13:28 UTC 2015
Andrew Chin wrote:
> Hello,
> I want to switch our FreeIPA 3.3.5 from using the FreeIPA CA self signed certificate to one signed by a commercial CA that browsers will recognize.
>
> The documentation at http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP says "The certificate in mysite.crt must be signed by the CA used when installing FreeIPA.” Does this preclude me from installing the commercial cert? If not, should I just follow the directions for IPA < 4.1?
> Thanks,
> Andrew Chin
That is rather confusing isn't it. IMHO It should really say that the
cert is signed by your 3rd party CA.
You'll also want to make sure that the issuing CA is trusted in your NSS
databases as well.
rob
More information about the Freeipa-users
mailing list