I am following the various Fedora guides for installing Freeipa with sync of 
users/passwords from AD server.


Hoiwever the documentation says "Active Directory CA certificate needs to be 
imported into the FreeIPA database" my windows colleague at head office says:

      There is no CA in XXXXXX domain, so I can't provide any certificates to 
you from there.
      This seems to be a LDAPS connection, and it will work if we use 
certificate that is trusted by both of the servers.

      I can sign the server with our internal CA and provide this to you.
      We can sign both servers with Vaisala CA, and use these certificates.
      To use this setup, I'll need a CSR from IPA

      Also, you have to download and install our root and intermediate CA's to 
IPA server, so it will trust certificates signed by those.

Not being that familiar with certs and with FreeIPA I have got a bit stuck on 
what I should do in order to resolve this and get the FreeIPA up and 
syncronised to one of our AD servers, can anyone offer some suggestions please 
? he has sent me the ROOT and Intermediate Certs for the domain server.



Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to