On Tue, Oct 16, 2018 at 01:23:11PM -0400, Ralph Crongeyer via FreeIPA-users wrote:
> Hello,
> I have a FreeIPA server that is currently running as a CA only, no clients
> connect, no LDAP entries have ever been made, no DNS etc... The original
> ipa CA is how it was set up during the initial install.
> A second CA was created, company.com CA, and certs have been created from
> this CA.
> I've set up two new freeipa boxes and have them replicated and migrated our
> openldap users and groups.
>
> What we would like to do now is to export the company.com CA from the
> "freeipa CA only" and import it into the new freeipa environment.
> I haven't been able to find anything about doing this in my web searches so
> far.
>
> Can somebody help me with this?
>
> Thanks,
> Ralph

Hi Ralph,

It's not clear what you want to accomplish. Do you want to:

- Import the company.com CA certificate into FreeIPA so that IPA
  servers and clients will use it as a trusted CA? (Use
  `ipa-cacert-manage install` to do this).

- Reissue the IPA CA certificate as a subordinate of the company.com
  CA? You can use `ipa-cacert-manage renew --external-ca` to do this.

- Something else?

Cheers,
Fraser
