On 07/17/2018 10:58 AM, Jan Gardian via FreeIPA-users wrote:
Hello,

Could you please recommend a procedure to replace the self-signed IPA certificate with an externally signed CA?

I found this https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/linux_domain_identity_authentication_and_policy_guide/index#manual-cert-renewal-ext

Hi,
if you want to replace a self-signed IPA CA with an externally signed IPA CA, you need to use the instructions from
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/linux_domain_identity_authentication_and_policy_guide/index#change-cert-chaining

(that basically points to the link you already found).
ipa-cacert-manage renew --external-ca is the right tool for this procedure.

HTH,
Flo

but it is for renewal and I am not sure if it can be used for replacement.
In the manual pages for ipa-cacert-manage there is an install option, but in its description it has: "Important: this does not replace IPA CA but adds the provided certificate as a known CA. This is useful for instance when using ipa-server-certinstall to replace HTTP/LDAP certificates with third-party certificates signed by this additional CA."

Thank you

--
With kind regards

*Ján Gardian*
Administrator
CYAN RD

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/P66YFSWLEVKIZYVDAYKS366YLRELA6WV/
