Since the commercial cert is outside IPA renewing that cert would not impact IPA at all.
On 2 July 2015 at 11:50, Prasun Gera <prasun.g...@gmail.com> wrote: > How smooth is the renewal process ? if the webui cert expires, does it > affect the core ipa functionality in any way ? Also, when ipa does it's own > auto-renewal, does it leave the webui alone if set up this way ? > > On Wed, Jul 1, 2015 at 9:16 PM, Prashant Bapat <prash...@apigee.com> > wrote: > >> I had the exact same requirement. Since we're on AWS, I ended up putting >> a ELB in front of each of my IPA servers with a commercial cert for web UI. >> The communication between ELB and the IPA server is using the IPA CA cert. >> >> On 2 July 2015 at 07:03, Rob Crittenden <rcrit...@redhat.com> wrote: >> >>> Stephen Ingram wrote: >>> >>>> I setup IPA using the internal CA. I'd like to continue using this CA, >>>> however, I'd also like to allow authorized external browser users (who >>>> haven't imported our CA) to access the WebUI without receiving a >>>> warning. Is it possible to add a 3rd party certificate and CA such that >>>> it is only used for the WebUI using the instructions at >>>> http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP? >>>> >>>> Steve >>>> >>>> >>>> >>> In a word: yes. >>> >>> I'd recommend making a backup of /etc/httpd/alias and >>> /etc/httpd/conf.d/nss.conf before doing this to make rolling back, if >>> necessary, easier. >>> >>> rob >>> >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> Go to http://freeipa.org for more info on the project >>> >> >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project