On 09/24/2016 02:37 PM, Günther J. Niederwimmer wrote:

what is the best way to test a new installed 3rd Party certificate ?
I hope i have now install (with big problems) the new certificate on clients
and servers.

But now is the big question is this all working correct together (?), or have
i make a mistake ?

I like to install this on a productive server with two master and 8 clients
Freeipa 4.2 Centos 7 with all Updates

with MailServer, private Cloud, webserver, DNS server .....

the next question is, what is in three years when the certificates expire ?
Is there a tested way to renew the certificate ?

I have search a long time in the internet but I can't found answers ?


you can find the supported procedure here: Using 3rd part certificates for HTTP/LDAP [1].

We are currently working on improving the chapter "Managing Certificates and Certificate Authorities" of the "Linux Domain Identity, Authentication, and Policy Guide" [2]. If you feel that some information is missing, please file documentation bugs so that we can take your comments into account for the next revision.

Depending on your deployment constraints, you may also consider installing FreeIPA's certificate authority using ipa-ca-install. This would allow to have HTTP/LDAP certificates issued *and renewed automatically* by FreeIPA CA.

Hope this helps,

[1] http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP

[2] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/config-certificates.html

Thanks for a answer,

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to