Mike Calautti wrote:
Hi,

We have our own in house CA>.

I ran ipa-server-install -a secret12 -r EXAMPLE.COM -P password -p
secret12 -n ipaserver.example.com --external-ca

It generated ipa.csr as expected..

I used opsenssl to sign it on our internal CA.  I got the .crt file..

I assume I need the private KEY that the IPA server generated when it
did the install.. and I assume I need ipa-getcert command to find it?

No, you just need to re-run the installer with --external_cert_file=/path/to/server.pem --external_ca_file=/path/to/external_ca.pem

The installer will pick up where it left off and finish installing the CA and the other IPA components.

rob

I cant seem to find it.. I am doing this because I assume I have to
combine the CA files into a chain file and convert them to .p12 format?

This is on

Linux rdsdev01.com 3.4.61-9.el6.centos.alt.x86_64 #1 SMP Wed Sep 11
15:34:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

cat /etc/redhat-release

CentOS release 6.4 (Final)

rpm -qav|grep -i ipa

ipa-python-3.0.0-26.el6_4.4.x86_64

ipa-server-selinux-3.0.0-26.el6_4.4.x86_64

ipa-pki-ca-theme-9.0.3-7.el6.noarch

libipa_hbac-1.9.2-82.10.el6_4.x86_64

libipa_hbac-python-1.9.2-82.10.el6_4.x86_64

ipa-client-3.0.0-26.el6_4.4.x86_64

ipa-server-3.0.0-26.el6_4.4.x86_64

ipa-pki-common-theme-9.0.3-7.el6.noarch

ipa-admintools-3.0.0-26.el6_4.4.x86_64



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to