On 09/24/2016 02:37 PM, Günther J. Niederwimmer wrote:
Hello,
What is the best way to test a newly installed 3rd-party certificate?
I hope I have now installed (with big problems) the new certificate on clients
and servers.
But now the big question is: is this all working correctly together (?), or have
I made a mistake?
I would like to install this on a production server with two masters and 8 clients
FreeIPA 4.2, CentOS 7 with all updates
with mail server, private cloud, web server, DNS server.
The next question is: what happens in three years when the certificates expire?
Is there a tested way to renew the certificate?
I have searched a long time on the internet but I can't find answers.
Hi,
you can find the supported procedure here: Using 3rd part certificates
for HTTP/LDAP [1].
We are currently working on improving the chapter "Managing Certificates
and Certificate Authorities" of the "Linux Domain Identity,
Authentication, and Policy Guide" [2]. If you feel that some information
is missing, please file documentation bugs so that we can take your
comments into account for the next revision.
Depending on your deployment constraints, you may also consider
installing FreeIPA's certificate authority using ipa-ca-install. This
would allow you to have HTTP/LDAP certificates issued *and renewed
automatically* by FreeIPA CA.
Hope this helps,
Flo.
[1] http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
[2] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/config-certificates.html
Thanks for an answer,
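
One way to check both concerns raised in this thread, that the new certificate is actually served and trusted on every server and that its expiry is noticed in time, as an added example (not part of the thread and not FreeIPA tooling). It assumes HTTPS on 443 and LDAPS on 636; the CA bundle path and host names given on the command line are placeholders.

```python
import socket
import ssl
import time

# Assumed endpoints: standard HTTPS and LDAPS ports (not stated in the thread).
SERVICES = {"https": 443, "ldaps": 636}


def days_left(not_after, now=None):
    """Whole days until a notAfter string such as 'Sep 24 12:00:00 2019 GMT'."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def classify(days, warn_days=30):
    """Map remaining days to a status a monitoring job can alert on."""
    if days < 0:
        return "EXPIRED"
    return "RENEW_SOON" if days <= warn_days else "OK"


def check_endpoint(host, port, ca_file, warn_days=30, timeout=5.0):
    """TLS handshake that trusts only ca_file and verifies the host name."""
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLError as exc:  # untrusted chain, wrong host name, expired
        return (host, port, "TLS_FAILED", str(exc))
    except OSError as exc:  # refused, timed out, name not resolvable
        return (host, port, "UNREACHABLE", str(exc))
    days = days_left(cert["notAfter"])
    return (host, port, classify(days, warn_days), "%d days left" % days)


def check_hosts(hosts, ca_file, warn_days=30):
    """Check every assumed service port on every host."""
    return [check_endpoint(h, p, ca_file, warn_days)
            for h in hosts for p in SERVICES.values()]


if __name__ == "__main__":
    import sys
    # Usage: python3 check_certs.py CA_BUNDLE.pem host1 [host2 ...]
    for row in check_hosts(sys.argv[2:], sys.argv[1]):
        print(*row)
```

Run from a client as well as from each master, since the trust chain has to validate on both sides; scheduling it periodically turns the three-year expiry into an alert instead of an outage.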