Hi, On Thu, Oct 12, 2023 at 11:41 AM Frederic Ayrault <f...@lix.polytechnique.fr> wrote:
> > Le 12/10/2023 à 10:59, Florence Blanc-Renaud a écrit : > > Hi, > > > > > > > > If I recap everything so far: > > - there is a single server, ipa3.lix.polytechnique.fr > > It was part of a cluster but it is removed for the tests > > > - it was installed CA-less, with http and ldap certificates issued by an > > external CA (C=FR, O=CNRS, CN=CNRS2-Standard), which is an intermediate > CA, > > signed by the root CA (C=FR, O=CNRS, CN=CNRS2) > > exactly > > > Your goal is to "replace our external CA to an Internal one", do you mean > > that you want IPA to act as a certificate authority, or use a different > CA > > authority instead of C=FR, O=CNRS, CN=CNRS2-Standard ? > > As I am not able to use CNRS2-Standard, I need to use a different CA > authority > > Ok, so you went through the right path by using ipa-ca-install. Now we need to understand why the command failed. Can you share /var/log/ipareplica-ca-install.log? We may also need /var/log/pki/pki-ca-spawn.$date and /var/log/dirsrv/slap-LIX-POLYTECHNIQUE- FR/errors and access. flo I thought using IPA as a certificate authority was logical (and should > also be easier) > but I can be wrong :-( > > > > flo > > > > Frederic > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue