[Freeipa-users] Question Test 3rd Party Certificate
Florence Blanc-Renaud
flo at redhat.com
Mon Sep 26 08:45:12 UTC 2016
On 09/24/2016 02:37 PM, Günther J. Niederwimmer wrote:
> Hello,
>
> what is the best way to test a new installed 3rd Party certificate ?
> I hope i have now install (with big problems) the new certificate on clients
> and servers.
>
> But now is the big question is this all working correct together (?), or have
> i make a mistake ?
>
> I like to install this on a productive server with two master and 8 clients
> Freeipa 4.2 Centos 7 with all Updates
>
> with MailServer, private Cloud, webserver, DNS server .....
>
> the next question is, what is in three years when the certificates expire ?
> Is there a tested way to renew the certificate ?
>
> I have search a long time in the internet but I can't found answers ?
Hi,
you can find the supported procedure here: Using 3rd part certificates
for HTTP/LDAP [1].
We are currently working on improving the chapter "Managing Certificates
and Certificate Authorities" of the "Linux Domain Identity,
Authentication, and Policy Guide" [2]. If you feel that some information
is missing, please file documentation bugs so that we can take your
comments into account for the next revision.
Depending on your deployment constraints, you may also consider
installing FreeIPA's certificate authority using ipa-ca-install. This
would allow to have HTTP/LDAP certificates issued *and renewed
automatically* by FreeIPA CA.
Hope this helps,
Flo.
[1] http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
[2]
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/config-certificates.html
>
> Thanks for a answer,
>
More information about the Freeipa-users
mailing list