[Freeipa-users] Renew / Replace third-party certificate for IPA Servers(primary and replica)
beeth beeth
beeth2006 at gmail.com
Wed Oct 19 15:23:00 UTC 2016
I once asked about Install IPA servers with certificate provided by
third-party like Verisign(https://www.redhat.com/archives/freeipa-users/
2016-September/msg00440.html). Florence, Rob and Jakub from Redhat had been
very helpful, and pointed out the solution at https://access.redhat.com/
documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_
Authentication_and_Policy_Guide/install-server.html#
install-server-without-ca, about "Installing Without a CA", and it worked
great!
Now it came up another problem, is that the Verisign(or any other
certificate) will expire in a year or two, how can I smoothly renew the
Verisign certificate on the primary and replica IPA servers a year from
now? Or if we decide to use another provider, say Godaddy certificate, how
can I replace the existing certificate on both IPA servers? I found a
relevant instruction at https://access.redhat.com/
documentation/en-US/Red_Hat_Enterprise_Linux/7/html-
single/Linux_Domain_Identity_Authentication_and_Policy_
Guide/index.html#auto-cert-renewal, but that's about the "Dogtag" CA
certificate, not about the third-party certificate I am using in our
upcoming production environment(running IPA 4.2 on RHEL7).
Please advise. Thank you!
Beeth
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161019/8b5910d8/attachment.htm>
More information about the Freeipa-users
mailing list