[Freeipa-users] CA-less vs CA-ful FreeIPA 4.2 installation
Peter Pakos
peter at pakos.pl
Mon Feb 8 23:26:36 UTC 2016
Hi,
I now have a CA-less installation of FreeIPA 4.2 which seems to be
working OK.
The initial server was installed with the following command:
ipa-server-install \
-U \
-r IPA.WANDISCO.COM \
-n ipa.wandisco.com \
-p '********' \
-a '********' \
--mkhomedir \
--setup-dns \
--no-forwarders \
--no-dnssec-validation \
--dirsrv-cert-file=/root/ssl/GandiWildcardIPA.pfx \
--dirsrv-pin='********' \
--http-cert-file=/root/ssl/GandiWildcardIPA.pfx \
--http-pin='********' \
--dirsrv-cert-name=GandiWildcardIPA \
--http-cert-name=GandiWildcardIPA \
--idstart=1100 \
--ca-cert-file=/root/ssl/star.ipa.wandisco.com.crt
Both LDAP and HTTP certificates are correctly installed.
My question is, how do I renew LDAP/HTTP certificates?
I'm struggling to find a step-by-step instructions on how to do this
without breaking anything.
This is one of the last tests I need to perform before moving this
FreeIPA setup into production.
Any info is greatly appreciated.
--
Kind regards,
Peter Pakos
More information about the Freeipa-users
mailing list