As stated in the guidline online.../root/ipa.crt is the server cert
generated by 3rd patry CA ? or the CA cert itself that need to pair with
server cert later. thx

Give the CSR to your external CA and have them issue you a new certificate.
We assume that the resulting certificate is saved into the /root/ipa.crt
file. We also assume that the /root/external-ca.pem file contains the
external CA certificate chain in the PEM format. The renewal needs to be
done on the IdM CA designated for managing renewals. One way to identify
the first-installed IdM server is to see if the value for subsystem.select
is New:

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to