Rob Crittenden wrote:
> David Christensen wrote:
>> If freeIPA was installed and a CA-signed cert was not used during the
>> install and instead the freeIPA-generated one was used, is it possible
>> to import one post-install?
> There is a tool to do that, ipa-server-certinstall.
>> If this is not possible or rather difficult, is it possible to
>> back up the freeIPA DB and import it after a new install to use the legit
>> CA cert?
> It isn't too difficult to do but you have to understand the
> ramifications. When you create any replicas you'll need to provide two
> certificates for it (one for Apache and one for 389) in the form of
> PKCS#12 files and they need to be issued from the same CA as your other
> IPA servers (or they must already be trusted).
> You just have to be very careful, basically.
Thanks for the info Rob.
Does the same ramification exist using the ipa-server-certinstall tool
or is that just when trying to re-create an instance of IPA and
importing the DB?
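The requirement quoted above, that the two replica PKCS#12 files (Apache and 389) be issued by the same CA as the other IPA servers, can be checked with the `openssl` CLI before the files are used. This is an added example, not part of the thread or of FreeIPA; the file names, the `demo` password and the throwaway test CAs are constructed, and it covers only the same-CA case, not certificates trusted some other way.

```shell
# Added example: verify the replica PKCS#12 files before using them.
# Paths, names and the "demo" password are constructed; needs openssl >= 1.1.0.

# Succeeds only if the leaf cert inside P12_FILE chains to CA_PEM.
p12_issued_by() {  # usage: p12_issued_by CA_PEM P12_FILE PASSWORD
    leaf=$(mktemp) || return 2
    rc=1
    if openssl pkcs12 -in "$2" -passin "pass:$3" -nokeys -clcerts 2>/dev/null |
           openssl x509 -out "$leaf" 2>/dev/null &&
       openssl verify -no-CApath -CAfile "$1" "$leaf" >/dev/null 2>&1; then
        rc=0
    fi
    rm -f "$leaf"
    return "$rc"
}

# Both files (Apache and 389) must come from the CA the other servers use.
check_replica_certs() {  # usage: check_replica_certs CA_PEM HTTP_P12 DS_P12 PASSWORD
    status=0
    for p12 in "$2" "$3"; do
        p12_issued_by "$1" "$p12" "$4" && continue
        echo "FAIL: $p12 is not issued by $1" >&2
        status=1
    done
    return "$status"
}

# Constructed test PKI: CAs ca-a and ca-b, plus http/ds (ca-a) and other (ca-b).
issue_demo_cert() {  # usage: issue_demo_cert DIR NAME CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
        -CAcreateserial -days 2 -out "$1/$2.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/$2.key" -in "$1/$2.crt" \
        -passout pass:demo -out "$1/$2.p12" 2>/dev/null
}
make_demo_pki() {  # usage: make_demo_pki DIR
    for ca in ca-a ca-b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$ca" \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null || return 1
    done
    issue_demo_cert "$1" http ca-a && issue_demo_cert "$1" ds ca-a &&
        issue_demo_cert "$1" other ca-b
}

if [ "${1:-}" = demo ]; then  # run as: sh script.sh demo
    tmp=$(mktemp -d) && make_demo_pki "$tmp" &&
        check_replica_certs "$tmp/ca-a.pem" "$tmp/http.p12" "$tmp/ds.p12" demo
fi
```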