[Freeipa-users] Replacing HTTP certs with public CA signed wildcard cert

David Little david.little2 at gmail.com
Thu May 14 14:15:29 UTC 2015


Hi there,

I was reading this document regarding using 3rd party certificates in
FreeIPA:

https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP

Which includes the information "The certificate in mysite.crt must be
signed by the CA used when installing FreeIPA."

Also this thread:
http://www.redhat.com/archives/freeipa-users/2014-August/msg00338.html

Which says at the end " I'm wondering if it's because of this from the doc
"The certificate in mysite.crt must be signed by the CA used when
installing FreeIPA."  but it might not either...

 In this case you should get a "file.p12 is not signed by
 /etc/ipa/ca.crt, or the full certificate chain is not
 present in the PKCS#12 file" error in ipa-server-certinstall."

This brings me to my question... If I have an existing multi-server FreeIPA
setup with multiple IPA client installations, using a self-signed CA
certificate for /etc/ipa/ca.crt, would I need to start over the FreeIPA
installation from scratch using the public root CA, which signed the
wildcard certificate?



Thanks,
Dave
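
The condition named in the quoted error message (the certificate in the PKCS#12 file chains to the CA file, using only certificates bundled in that same PKCS#12 file) can be approximated ahead of time with openssl. The script below is an added example, not part of the original post and not FreeIPA code; the function names, file names and the P12_PASS variable are assumptions, all certificates are constructed test data, and ipa-server-certinstall may apply checks beyond this one.

```shell
# p12_chains_to_ca CA_PEM P12_FILE  (password comes from $P12_PASS, not argv)
# Succeeds only if the leaf certificate in P12_FILE verifies up to CA_PEM using
# nothing but the extra certificates bundled in the same PKCS#12 file.
p12_chains_to_ca() {
    _w=$(mktemp -d) || return 2
    openssl pkcs12 -in "$2" -nokeys -clcerts -passin env:P12_PASS -out "$_w/leaf.pem" 2>/dev/null &&
    openssl pkcs12 -in "$2" -nokeys -cacerts -passin env:P12_PASS -out "$_w/chain.pem" 2>/dev/null &&
    if grep -q 'BEGIN CERTIFICATE' "$_w/chain.pem" 2>/dev/null; then
        openssl verify -CAfile "$1" -untrusted "$_w/chain.pem" "$_w/leaf.pem" >/dev/null 2>&1
    else    # nothing bundled: the leaf must be issued directly by CA_PEM
        openssl verify -CAfile "$1" "$_w/leaf.pem" >/dev/null 2>&1
    fi
    _rc=$?
    rm -rf "$_w"
    return "$_rc"
}

# make_demo DIR: constructed fixtures. A self-signed "IPA" CA, an unrelated
# "public" CA, and file.p12 holding a wildcard certificate issued by the latter.
make_demo() {
    _d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' 'commonName=CN' \
        '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$_d/demo.cnf"
    for _n in ipa-ca pub-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$_d/demo.cnf" \
            -extensions v3_ca -subj "/CN=constructed $_n" \
            -keyout "$_d/$_n.key" -out "$_d/$_n.crt" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -config "$_d/demo.cnf" \
        -subj '/CN=*.example.test' -keyout "$_d/wild.key" \
        -out "$_d/wild.csr" 2>/dev/null &&
    openssl x509 -req -in "$_d/wild.csr" -CA "$_d/pub-ca.crt" -set_serial 2 \
        -CAkey "$_d/pub-ca.key" -days 2 -out "$_d/wild.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$_d/wild.key" -in "$_d/wild.crt" \
        -certfile "$_d/pub-ca.crt" -passout env:P12_PASS -out "$_d/file.p12"
}

# Demo on constructed data: one verdict per candidate CA file.
demo() {
    _t=$(mktemp -d) || return 2; export P12_PASS=constructed-pass
    make_demo "$_t" && for _c in ipa-ca pub-ca; do
        p12_chains_to_ca "$_t/$_c.crt" "$_t/file.p12" &&
            echo "$_c.crt: chain ok" || echo "$_c.crt: chain rejected"
    done
    rm -rf "$_t"
}
demo
```

On an IPA host the first argument would be /etc/ipa/ca.crt, the file named in the quoted error.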