Thanks Rob, I’ll give it a try!
Andrew Chin


> On Jan 7, 2015, at 2:13 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
> 
> Andrew Chin wrote:
>> Hello,
>> I want to switch our FreeIPA 3.3.5 from using the FreeIPA CA self-signed 
>> certificate to one signed by a commercial CA that browsers will recognize.
>> 
>> The documentation at 
>> http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP says 
>> "The certificate in mysite.crt must be signed by the CA used when installing 
>> FreeIPA."  Does this preclude me from installing the commercial cert? If 
>> not, should I just follow the directions for IPA < 4.1?
>> Thanks,
>> Andrew Chin
> 
> That is rather confusing, isn't it? IMHO it should really say that the
> cert is signed by your 3rd party CA.
> 
> You'll also want to make sure that the issuing CA is trusted in your NSS
> databases as well.
> 
> rob
