[Freeipa-users] Adding external CA
David Kupka
dkupka at redhat.com
Thu Mar 12 11:36:49 UTC 2015
On 03/12/2015 10:37 AM, crony wrote:
> Hi FreeIPA Users,
> I have a fresh new FreeIPA 4.1 on RHEL7.1 with self-sign CA and I would
> like to change the self-sign CA to the external CA
>
> Do you have any step by step document for do it correctly on 4.1 version?
>
> /lm
>
>
>
Hello!
I'm not aware of this being documented but fortunately this can be done
in 3 easy steps:
1. # ipa-cacert-manage renew --external-ca
2. Let CA of your choice sing the CRL produced in step 1.
3. # ipa-cacert-manage renew
--external-cert-file=/path/to/signed_certificate
--external-cert-file=/path/to/external_ca_certificate
--
David Kupka
More information about the Freeipa-users
mailing list