Re: [Freeipa-users] Replica with external ca + custom subject in certificate

2015-04-08 Thread James James
It's a little bit more clear. Thanks. I have created a new ipa 4.1 replica but when I want run : # ipa-cacert-manage renew --self-signed I've got this message : [root@ipa-devel-centos7 ~]# ipa-cacert-manage renew --self-signed CA is not configured on this system If I want to install the CA

Re: [Freeipa-users] Replica with external ca + custom subject in certificate

2015-04-08 Thread Jan Cholasta
Dne 8.4.2015 v 17:43 James James napsal(a): It's a little bit more clear. Thanks. I have created a new ipa 4.1 replica but when I want run : # ipa-cacert-manage renew --self-signed I've got this message : [root@ipa-devel-centos7 ~]# ipa-cacert-manage renew --self-signed CA is not configured

Re: [Freeipa-users] Replica with external ca + custom subject in certificate

2015-04-07 Thread Martin Kosek
On 04/03/2015 11:39 AM, James James wrote: Hello, I want to initialize a new replica with an external CA. My Certificate Authority wants a CSR with the field emailAddress in the subject like : /C=FR/O=TESTO/OU=TESTOU/CN=*.example.com/emailAddress=n...@none.com I am not a bit confused. Do

Re: [Freeipa-users] Replica with external ca + custom subject in certificate

2015-04-07 Thread James James
ok. Is there a way to migrate from an external CA to a CA-less or a self-signed CA ? 2015-04-07 12:51 GMT+02:00 Martin Kosek mko...@redhat.com: On 04/03/2015 11:39 AM, James James wrote: Hello, I want to initialize a new replica with an external CA. My Certificate Authority wants a

Re: [Freeipa-users] Replica with external ca + custom subject in certificate

2015-04-07 Thread Martin Kosek
On 04/07/2015 01:44 PM, James James wrote: ok. Is there a way to migrate from an external CA to a CA-less or a self-signed CA ? Yes, you can use ipa-cacert-manage tool introduced in FreeIPA 4.1.0: https://www.freeipa.org/page/Howto/CA_Certificate_Renewal

Re: [Freeipa-users] Replica with external ca + custom subject in certificate

2015-04-07 Thread James James
I will try to give a better explanation : I have a CentOS 6.6 with ipa 3.0 named ipa-master. ipa-master has been installed with an external CA about 3 years ago and I will have to renew the certificate soon. I have created a test server (ipa-dev) with the same configuration (centos 6.6 and ipa

Re: [Freeipa-users] Replica with external ca + custom subject in certificate

2015-04-07 Thread Martin Kosek
On 04/07/2015 02:08 PM, James James wrote: I will try to give a better explanation : I have a CentOS 6.6 with ipa 3.0 named ipa-master. ipa-master has been installed with an external CA about 3 years ago and I will have to renew the certificate soon. I have created a test server

Re: [Freeipa-users] Replica with external ca + custom subject in certificate

2015-04-07 Thread Jan Cholasta
Dne 7.4.2015 v 15:31 Martin Kosek napsal(a): On 04/07/2015 02:08 PM, James James wrote: I will try to give a better explanation : I have a CentOS 6.6 with ipa 3.0 named ipa-master. ipa-master has been installed with an external CA about 3 years ago and I will have to renew the certificate