Hi Peter,

On 9.2.2016 00:26, Peter Pakos wrote:
> Hi,
>
> I now have a CA-less installation of FreeIPA 4.2 which seems to be
> working OK.
>
> The initial server was installed with the following command:
>
> ipa-server-install \
>    -U \
>    -r IPA.WANDISCO.COM \
>    -n ipa.wandisco.com \
>    -p '********' \
>    -a '********' \
>    --mkhomedir \
>    --setup-dns \
>    --no-forwarders \
>    --no-dnssec-validation \
>    --dirsrv-cert-file=/root/ssl/GandiWildcardIPA.pfx \
>    --dirsrv-pin='********' \
>    --http-cert-file=/root/ssl/GandiWildcardIPA.pfx \
>    --http-pin='********' \
>    --dirsrv-cert-name=GandiWildcardIPA \
>    --http-cert-name=GandiWildcardIPA \
>    --idstart=1100 \
>    --ca-cert-file=/root/ssl/star.ipa.wandisco.com.crt
>
> Both LDAP and HTTP certificates are correctly installed.
>
> My question is, how do I renew LDAP/HTTP certificates?
>
> I'm struggling to find step-by-step instructions on how to do this
> without breaking anything.
>
> This is one of the last tests I need to perform before moving this
> FreeIPA setup into production.
>
> Any info is greatly appreciated.


Currently you have to manually replace the certificates once you manually renew them with your CA.

To replace the certificates, follow the guide I posted a month ago: <https://www.redhat.com/archives/freeipa-users/2016-January/msg00023.html>.

Honza

--
Jan Cholasta
