[Freeipa-users] Switch to 3rd party SSL
Andrew Chin
chin at juniper.net
Fri Jan 9 16:21:24 UTC 2015
Thanks Rob, I’ll give it a try!
Andrew Chin
> On Jan 7, 2015, at 2:13 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>
> Andrew Chin wrote:
>> Hello,
>> I want to switch our FreeIPA 3.3.5 from using the FreeIPA CA self signed certificate to one signed by a commercial CA that browsers will recognize.
>>
>> The documentation at http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP says "The certificate in mysite.crt must be signed by the CA used when installing FreeIPA.” Does this preclude me from installing the commercial cert? If not, should I just follow the directions for IPA < 4.1?
>> Thanks,
>> Andrew Chin
>
> That is rather confusing isn't it. IMHO It should really say that the
> cert is signed by your 3rd party CA.
>
> You'll also want to make sure that the issuing CA is trusted in your NSS
> databases as well.
>
> rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150109/543ce870/attachment.sig>
More information about the Freeipa-users
mailing list