On 10/13/2014 03:39 PM, quest monger wrote:
I found some documentation for getting certificate signed by external
CA (2.3.3.2. Using Different CA Configurations) -
http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/creating-server.html
But looks like those instructions apply to a first time fresh install,
not for upgrading an existing install.
On Mon, Oct 13, 2014 at 3:24 PM, quest monger <quest.mon...@gmail.com
<mailto:quest.mon...@gmail.com>> wrote:
I was told by my admin team that Self-signed certs pose a security
risk.
On Mon, Oct 13, 2014 at 3:17 PM, Rob Crittenden
<rcrit...@redhat.com <mailto:rcrit...@redhat.com>> wrote:
quest monger wrote:
> Hello All,
>
> I installed FreeIPA server on a CentOS host. I have 20+
Linux and
> Solaris clients hooked up to it. SSH and Sudo works on all
clients.
>
> I would like to replace the self-signed cert that is used on
Port 389
> and 636.
>
> Is there a way to do this without re-installing the server
and clients.
Why do you want to do this?
rob
Do I get it right that you installed IPA using self-signed certificate
and now want to change it?
What version of IPA you have? Did you use self-signed CA-less install or
using self-signed CA?
The tools to change the chaining are only being released in 4.1 so you
might have to move to latest when we release 4.1 for CentOS.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project