On 10/13/2014 03:39 PM, quest monger wrote:
I found some documentation for getting certificate signed by external CA ( Using Different CA Configurations) - http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/creating-server.html

But looks like those instructions apply to a first time fresh install, not for upgrading an existing install.

On Mon, Oct 13, 2014 at 3:24 PM, quest monger <quest.mon...@gmail.com <mailto:quest.mon...@gmail.com>> wrote:

    I was told by my admin team that Self-signed certs pose a security

    On Mon, Oct 13, 2014 at 3:17 PM, Rob Crittenden
    <rcrit...@redhat.com <mailto:rcrit...@redhat.com>> wrote:

        quest monger wrote:
        > Hello All,
        > I installed FreeIPA server on a CentOS host. I have 20+
        Linux and
        > Solaris clients hooked up to it. SSH and Sudo works on all
        > I would like to replace the self-signed cert that is used on
        Port 389
        > and 636.
        > Is there a way to do this without re-installing the server
        and clients.

        Why do you want to do this?


Do I get it right that you installed IPA using self-signed certificate and now want to change it? What version of IPA you have? Did you use self-signed CA-less install or using self-signed CA? The tools to change the chaining are only being released in 4.1 so you might have to move to latest when we release 4.1 for CentOS.

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to