[Freeipa-users] Using 3rd party certificates for HTTP/LDAP

Jan Cholasta jcholast at redhat.com
Mon Jan 4 13:19:50 UTC 2016


On 4.1.2016 14:10, Peter Pakos wrote:
> Hi Jan,
>
> On 04/01/2016 12:44, Jan Cholasta wrote:
>
>> 1. Install the CA certificate chain of the issuer of the 3rd party
>> certificate to IPA using "ipa-cacert-manage install"
>>
>> 2. Run "ipa-certupdate" to update CA certificate related IPA
>> configuration.
>>
>> 3. Manually import the server certificate into the
>> /etc/dirsrv/slapd-REALM NSS database, configure the correct nickname in
>> LDAP in the nsSSLPersonalitySSL attribute of
>> cn=RSA,cn=encryption,cn=config and restart DS.
>>
>> 4. Manually import the server certificate into the /etc/httpd/alias NSS
>> database, configure the correct nickname in /etc/httpd/conf.d/nss.conf
>> using the NSSNickname directive and restart httpd.
>
> Would it be the same procedure for FreeIPA 4.2 shipped with CentOS 7.2?

Yes.

-- 
Jan Cholasta
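
The four quoted steps as one script, added here as an example and not part of the original thread. The instance name, file paths, nickname, bind DN and service unit names are assumptions or placeholders; by default it only prints the commands, and DRY_RUN=0 executes them.

```bash
#!/bin/bash
# Added example, not from the thread. Placeholder values; adjust before use.
INSTANCE="${INSTANCE:-EXAMPLE-COM}"            # the REALM part of slapd-REALM
CA_CHAIN="${CA_CHAIN:-/root/issuer-chain.pem}" # issuer CA chain (PEM)
SERVER_P12="${SERVER_P12:-/root/server.p12}"   # server cert + key (PKCS#12)
NICKNAME="${NICKNAME:-ThirdParty-Server-Cert}" # must match the imported cert's nickname
NSS_CONF="${NSS_CONF:-/etc/httpd/conf.d/nss.conf}"
DRY_RUN="${DRY_RUN:-1}"                        # 1 = print only, 0 = execute

# Print the command in dry-run mode; otherwise run it and stop on failure.
run() {
    if [ "$DRY_RUN" = "1" ]; then printf '+ %s\n' "$*"; return; fi
    "$@" || { echo "failed: $*" >&2; exit 1; }
}

# LDIF that points DS at the new certificate nickname (step 3).
ds_nickname_ldif() {
    printf '%s\n' 'dn: cn=RSA,cn=encryption,cn=config' 'changetype: modify' \
        'replace: nsSSLPersonalitySSL' "nsSSLPersonalitySSL: $1"
}

# Rewrite the NSSNickname directive in place (step 4). GNU sed; the nickname
# must not contain '|', '&' or '\'.
set_httpd_nickname() {
    sed -i "s|^\([[:space:]]*NSSNickname\)[[:space:]].*|\1 \"$1\"|" "$2"
}

apply_third_party_cert() {
    local ds_db="/etc/dirsrv/slapd-$INSTANCE"
    # 1. Trust the issuer chain in IPA.
    run ipa-cacert-manage install "$CA_CHAIN"
    # 2. Refresh CA-related configuration on this host.
    run ipa-certupdate
    # 3. Directory Server: import, list nicknames to confirm, set attribute, restart.
    run pk12util -i "$SERVER_P12" -d "$ds_db"
    run certutil -L -d "$ds_db"
    ds_nickname_ldif "$NICKNAME" | run ldapmodify -x -D "cn=Directory Manager" -W
    run systemctl restart "dirsrv@$INSTANCE.service"
    # 4. httpd: import, set NSSNickname, restart.
    run pk12util -i "$SERVER_P12" -d /etc/httpd/alias
    run set_httpd_nickname "$NICKNAME" "$NSS_CONF"
    run systemctl restart httpd
}

apply_third_party_cert
```

pk12util takes the nickname from the PKCS#12 file, so compare the `certutil -L` listing with NICKNAME before the attribute and directive are changed.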