For the time being and as far as I can see until IPA 4.3.1, the procedure is messy and difficult. The following thread will be a big help: https://www.redhat.com/archives/freeipa-users/2016-January/msg00223.html
I think I succeeded at last, but further tests remain. Regards, Bjarne -----Original Message----- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Andreas Ladanyi Sent: 27. juni 2016 13:49 To: freeipa-users@redhat.com Subject: [Freeipa-users] Replace with 3rd part certificates Hi, i try to replace the self signed certificate from the ipa installation with this description: http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP ipa-server-certinstall -w -d mysite.key mysite.crt The tool ask for the private key unlock passwort. The private key was generated without passwort. I tried out to press only the enter key, but it doesnt help. So iam confused. The certificate and keyfile are in PEM format. For testing I converted the private key with: openssl rsa -in -out because i want to know if openssl ask me for a password, but it doesnt. My version number is FreeIPA 4.1. regards, Andreas -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project