Brian Mathis wrote:
> No. FreeIPA requires a *CA* certificate, which is a cert that has the
> ability to sign other certs. Unless you're in a large company with an
> expensive agreement in place with GoDaddy, that is not a permission they
> grant to regular certs. A wildcard cert is only allowed to be used on
> simple things like a web site, and does not have the ability to sign
> other certs.

You can replace the web and/or LDAP certificates with a 3rd party cert, see
http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP

There be dragons (and countless corner cases).

rob

> ~ Brian Mathis
> @orev
>
> On Tue, Sep 29, 2015 at 5:35 AM, Srdjan Dutina <sdut...@gmail.com> wrote:
>
>     Hi!
>
>     I'm testing FreeIPA 4.1.0 on Centos 7 (1503).
>     I have a *wildcard* certificate for my domain issued by GoDaddy.
>     Could I use it with FreeIPA primary and replica servers instead of
>     self-signed certificate?
>     If yes, how could I replace the self-signed certificate in existing
>     two servers installation?
>
>     Thank you.
>
>     Srdjan.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project