Hi there,

I was reading this document regarding using 3rd party certificates in
FreeIPA:

https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP

Which includes the information "The certificate in mysite.crt must be
signed by the CA used when installing FreeIPA."

Also this thread:
http://www.redhat.com/archives/freeipa-users/2014-August/msg00338.html

Which says at the end "I'm wondering if it's because of this from the doc
"The certificate in mysite.crt must be signed by the CA used when
installing FreeIPA."  but it might not either...

 In this case you should get a "file.p12 is not signed by
 /etc/ipa/ca.crt, or the full certificate chain is not
 present in the PKCS#12 file" error in ipa-server-certinstall."

This brings me to my question... If I have an existing multi-server FreeIPA
setup with multiple IPA client installations, using a self-signed CA
certificate for /etc/ipa/ca.crt, would I need to start over the FreeIPA
installation from scratch using the public root CA, which signed the
wildcard certificate?



Thanks,
Dave