For the time being and as far as I can see until IPA 4.3.1, the procedure is
messy and difficult.
The following thread will be a big help:
I think I succeeded at last, but further tests remain.
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Andreas Ladanyi
Sent: 27. juni 2016 13:49
Subject: [Freeipa-users] Replace with 3rd part certificates
i try to replace the self signed certificate from the ipa installation with
ipa-server-certinstall -w -d mysite.key mysite.crt
The tool ask for the private key unlock passwort. The private key was generated
without passwort. I tried out to press only the enter key, but it doesnt help.
So iam confused. The certificate and keyfile are in PEM format.
For testing I converted the private key with:
openssl rsa -in -out
because i want to know if openssl ask me for a password, but it doesnt.
My version number is FreeIPA 4.1.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project