Thanks Rob, I’ll give it a try!
Andrew Chin

> On Jan 7, 2015, at 2:13 PM, Rob Crittenden <> wrote:
> Andrew Chin wrote:
>> Hello,
>> I want to switch our FreeIPA 3.3.5 from using the FreeIPA CA self signed 
>> certificate to one signed by a commercial CA that browsers will recognize.
>> The documentation at 
>> says 
>> "The certificate in mysite.crt must be signed by the CA used when installing 
>> FreeIPA.”  Does this preclude me from installing the commercial cert? If 
>> not, should I just follow the directions for IPA < 4.1?
>> Thanks,
>> Andrew Chin
> That is rather confusing isn't it. IMHO It should really say that the
> cert is signed by your 3rd party CA.
> You'll also want to make sure that the issuing CA is trusted in your NSS
> databases as well.
> rob

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Manage your subscription for the Freeipa-users mailing list:
Go To for more info on the project

Reply via email to