[Freeipa-users] Using 3rd party certificates for HTTP/LDAP
Peter Pakos
peter at pakos.pl
Sun Jan 10 21:21:22 UTC 2016
On 04/01/2016 12:44, Jan Cholasta wrote:
>> My question is, what is the correct way of installing a 3rd party
>> certificate for HTTP/LDAP that will actually work?
>
> 1. Install the CA certificate chain of the issuer of the 3rd party
> certificate to IPA using "ipa-cacert-manage install"
>
> 2. Run "ipa-certupdate" to update CA certificate related IPA configuration.
>
> 3. Manually import the server certificate into the
> /etc/dirsrv/slapd-REALM NSS database, configure the correct nickname in
> LDAP in the nsSSLPersonalitySSL attribute of
> cn=RSA,cn=encryption,cn=config and restart DS.
>
> 4. Manually import the server certificate into the /etc/httpd/alias NSS
> database, configure the correct nickname in /etc/httpd/conf.d/nss.conf
> using the NSSNickname directive and restart httpd.
Is there any chance you can confirm the exact commands I need to run to
accomplish the above steps? I don't want to risk breaking our production
servers.
BTW, do we have an up-to-date documentation about this process in
FreeIPA 4.2? I failed to find one.
Many thanks in advance.
--
Kind regards,
Peter Pakos
More information about the Freeipa-users
mailing list