[Freeipa-users] FreeIPA with third-party wildcard certificate
Rob Crittenden
rcritten at redhat.com
Tue Sep 29 14:18:00 UTC 2015
Brian Mathis wrote:
> No. FreeIPA requires a *CA* certificate, which is a cert that has the
> ability to sign other certs. Unless you're in a large company with an
> expensive agreement in place with GoDaddy, that is not a permission they
> grant to regular certs. A wildcard cert is only allowed to be used on
> simple things like a web site, and does not have the ability to sign
> other certs.
You can replace the web and/or LDAP certificates with a 3rd party cert,
see http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
There be dragons (and countless corner cases).
rob
>
>
> ~ Brian Mathis
> @orev
>
>
> On Tue, Sep 29, 2015 at 5:35 AM, Srdjan Dutina <sdutina at gmail.com> wrote:
>
> Hi!
>
> I'm testing FreeIPA 4.1.0 on CentOS 7 (1503).
> I have a *wildcard* certificate for my domain issued by GoDaddy.
> Could I use it with FreeIPA primary and replica servers instead of
> the self-signed certificate?
> If yes, how could I replace the self-signed certificate in the existing
> two-server installation?
>
> Thank you.
>
> Srdjan.
>