FreeIPA allows running in CA-less mode, where there is no CA and FreeIPA simply uses the offered CA/LDAP certificates:
http://www.freeipa.org/page/PKI#Blending_in_PKI_infrastructure

Some information is also here:
http://www.freeipa.org/images/b/b3/FreeIPA33-blending-in-a-certificate-infrastructure.pdf
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/install-ca-options.html

Martin

On 09/29/2015 02:16 PM, Brian Mathis wrote:
> No. FreeIPA requires a *CA* certificate, which is a cert that has the
> ability to sign other certs. Unless you're in a large company with an
> expensive agreement in place with GoDaddy, that is not a permission they
> grant to regular certs. A wildcard cert is only allowed to be used on
> simple things like a web site, and does not have the ability to sign other
> certs.
>
> ~ Brian Mathis
> @orev
>
> On Tue, Sep 29, 2015 at 5:35 AM, Srdjan Dutina <sdut...@gmail.com> wrote:
>
>> Hi!
>>
>> I'm testing FreeIPA 4.1.0 on CentOS 7 (1503).
>> I have a *wildcard* certificate for my domain issued by GoDaddy.
>> Could I use it with FreeIPA primary and replica servers instead of
>> self-signed certificate?
>> If yes, how could I replace the self-signed certificate in existing two
>> servers installation?
>>
>> Thank you.
>>
>> Srdjan.
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project