Andrew Chin wrote: > Hello, > I want to switch our FreeIPA 3.3.5 from using the FreeIPA CA self signed > certificate to one signed by a commercial CA that browsers will recognize. > > The documentation at > http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP says > "The certificate in mysite.crt must be signed by the CA used when installing > FreeIPA.” Does this preclude me from installing the commercial cert? If not, > should I just follow the directions for IPA < 4.1? > Thanks, > Andrew Chin
That is rather confusing isn't it. IMHO It should really say that the cert is signed by your 3rd party CA. You'll also want to make sure that the issuing CA is trusted in your NSS databases as well. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project