Andrew Chin wrote:
> Hello,
> I want to switch our FreeIPA 3.3.5 from using the FreeIPA CA self signed 
> certificate to one signed by a commercial CA that browsers will recognize. 
> The documentation at 
> says 
> "The certificate in mysite.crt must be signed by the CA used when installing 
> FreeIPA.”  Does this preclude me from installing the commercial cert? If not, 
> should I just follow the directions for IPA < 4.1?
> Thanks,
> Andrew Chin

That is rather confusing isn't it. IMHO It should really say that the
cert is signed by your 3rd party CA.

You'll also want to make sure that the issuing CA is trusted in your NSS
databases as well.


Manage your subscription for the Freeipa-users mailing list:
Go To for more info on the project

Reply via email to