For the time being and as far as I can see until IPA 4.3.1, the procedure is 
messy and difficult.
The following thread will be a big help:

I think I succeeded at last, but further tests remain.


-----Original Message-----
[] On Behalf Of Andreas Ladanyi
Sent: 27. juni 2016 13:49
Subject: [Freeipa-users] Replace with 3rd part certificates


i try to replace the self signed certificate from the ipa installation with 
this description:

ipa-server-certinstall -w -d mysite.key mysite.crt

The tool ask for the private key unlock passwort. The private key was generated 
without passwort. I tried out to press only the enter key, but it doesnt help. 
So iam confused. The certificate and keyfile are in PEM format.

For testing I converted the private key with:

openssl rsa -in -out

because i want to know if openssl ask me for a password, but it doesnt.

My version number is FreeIPA 4.1.


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to