[Freeipa-users] Multiple CA certificates (for PassSync)
Rich Megginson
rmeggins at redhat.com
Thu Jul 9 13:36:46 UTC 2015
On 07/09/2015 07:23 AM, Rob Crittenden wrote:
> Joseph, Matthew (EXP) wrote:
>> Hello,
>>
>> We are currently in the process of replacing our IdM 3.x server with
>> 4.x.
>>
>> There are going to be some major directory changes during the upgrade so
>> I need to keep both the old and new IdM servers up and running
>> separately.
>>
>> Part of our configuration is using the password sync between IdM and
>> Active Directory.
>>
>> I can’t find any information on this so I figured I’d ask you guys to
>> see if anyone has done this before.
>>
>> Can I have two CA certificates from 2 IdM servers installed on the
>> Active Directory server? And will this cause any issues with our
>> password sync?
>
> I'm not sure if you can do this. The CA is probably the least of your
> problems. I don't believe the AD passsync service can be aware of
> multiple consumers like this.
Right. passsync can talk to only 1 IdM server.
To use multiple CA certs, just use the certutil tool to install an
additional CA cert as per the docs.
>
> Rich may know.
>
> rob