I have been trying for several days to get a server up with certs from an Internal CA at work. I have
We won't be using the IPA CA features. I just want to protect the https and ldaps connections. I have a server cert in pkcs7 format. My understanding is that I want to install with a pkcs12 file and pin that contains the server cert, key, and CA cert chain. (I have a rool and intermediate chain cert for the Internal CA). I'm also assuming that I will be setting enable_ra = False in /etc/ipa/default.conf My questions are: - Does anyone have an example of preparing the pkcs12 file from server cert and *.pem files for the CA? How can I check it for correctness? - Do I install normally and use the --http_pkcs12 and --dirsrv_pkcs12 options? (I found some dated instructions on sectigo.com that discuss using the --self-signed option on the installer, which is no longer there) _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
