I once asked about Install IPA servers with certificate provided by third-party like Verisign(https://www.redhat.com/archives/freeipa-users/ 2016-September/msg00440.html). Florence, Rob and Jakub from Redhat had been very helpful, and pointed out the solution at https://access.redhat.com/ documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_ Authentication_and_Policy_Guide/install-server.html# install-server-without-ca, about "Installing Without a CA", and it worked great!
Now it came up another problem, is that the Verisign(or any other certificate) will expire in a year or two, how can I smoothly renew the Verisign certificate on the primary and replica IPA servers a year from now? Or if we decide to use another provider, say Godaddy certificate, how can I replace the existing certificate on both IPA servers? I found a relevant instruction at https://access.redhat.com/ documentation/en-US/Red_Hat_Enterprise_Linux/7/html- single/Linux_Domain_Identity_Authentication_and_Policy_ Guide/index.html#auto-cert-renewal, but that's about the "Dogtag" CA certificate, not about the third-party certificate I am using in our upcoming production environment(running IPA 4.2 on RHEL7). Please advise. Thank you! Beeth
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project