Hi,

Instead of using the Let’s Encrypt thing on the IPA server itself, I often just 
use it on a reverse proxy. This way the end-users see the verified CA and 
FreeIPA can keep doing it’s business.
I tried to use ACME on the IPA server in the past, but it wasn’t very well 
integrated and caused problems. Since only web-facing elements benefit from 
external CA signed certificates (for users that access it but don’t have the CA 
on their machine), it doesn’t actually need to be integrated with the rest of 
IPA.

John

> On 25 May 2017, at 13:39, Günther J. Niederwimmer via FreeIPA-users 
> <freeipa-users@lists.fedorahosted.org> wrote:
> 
> Hello,
> 
> after the mistake with Startcom CA (Class 3), now I look for a new 
> Certificate..
> 
> Is it possible and functional to install a Letsencrypt CA on a IPA-Server?
> 
> I have found a script on "github" to install a Letsencript CA for FreeIPA 
> (fedora), but can any tell me is this working with CentOS 7.(3).
> 
> Thanks for a answer,
> 
> -- 
> mit freundlichen Grüssen / best regards
> 
>  Günther J. Niederwimmer
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to