I did the default IPA install, didn't change any certs or anything. As part of that install, it now shows 2 certs, one on port 443 (HTTPS) and one on port 636 (LDAPS). These certs don't have a trust chain, hence I called them self-signed. We have a contract with a third party CA that issues TLS certs for us. I was asked to find a way to replace those 2 self-signed certs with certs from this third party CA. I was wondering if there was a way I could do that.
I found this - http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
I am currently running 3.0.0.

On Mon, Oct 13, 2014 at 6:31 PM, Dmitri Pal <[email protected]> wrote:

> On 10/13/2014 03:39 PM, quest monger wrote:
>
> I found some documentation for getting certificate signed by external CA
> (2.3.3.2. Using Different CA Configurations) -
> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/creating-server.html
>
> But looks like those instructions apply to a first time fresh install,
> not for upgrading an existing install.
>
> On Mon, Oct 13, 2014 at 3:24 PM, quest monger <[email protected]> wrote:
>
>> I was told by my admin team that Self-signed certs pose a security risk.
>>
>> On Mon, Oct 13, 2014 at 3:17 PM, Rob Crittenden <[email protected]> wrote:
>>
>>> quest monger wrote:
>>> > Hello All,
>>> >
>>> > I installed FreeIPA server on a CentOS host. I have 20+ Linux and
>>> > Solaris clients hooked up to it. SSH and Sudo works on all clients.
>>> >
>>> > I would like to replace the self-signed cert that is used on Port 389
>>> > and 636.
>>> >
>>> > Is there a way to do this without re-installing the server and clients.
>>>
>>> Why do you want to do this?
>>>
>>> rob
>
> Do I get it right that you installed IPA using self-signed certificate and
> now want to change it?
> What version of IPA do you have? Did you use self-signed CA-less install or
> using self-signed CA?
> The tools to change the chaining are only being released in 4.1 so you
> might have to move to latest when we release 4.1 for CentOS.
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
