[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2023-02-08 Thread Rob Crittenden via FreeIPA-users
Bryan Fang via FreeIPA-users wrote: > Hi Rob and Flo, > thanks for your reply, yes I am using external CA certificate, we have > separate Apache server as proxy of ipa server, and we are using external CA > certificate for Apache server, version of ipa server is 4.6.8, and I don’t > know how to

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2023-02-07 Thread Bryan Fang via FreeIPA-users
Hi Rob and Flo, thanks for your reply, yes I am using external CA certificate, we have separate Apache server as proxy of ipa server, and we are using external CA certificate for Apache server, version of ipa server is 4.6.8, and I don’t know how to upgrade domain level to 1, I tried to manuall

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2023-02-07 Thread Rob Crittenden via FreeIPA-users
Bryan Fang via FreeIPA-users wrote: > Hi folks, > hope you are doing well, in case of dealing with domain level 0, when running > ipa-replica-install, I have to provide gpg file as one of parameters, and > cannot use --dirsrv-cert-file etc. together with gpg file > 'You cannot specify any of --dirsrv

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2023-02-06 Thread Florence Blanc-Renaud via FreeIPA-users
Hi, Is your IPA server configured as domain level 0 or domain level 1? If level 0, the replica installation is done in 2 steps, the preparation of a replica file on the master, and then the installation of the replica using this replica file. If level 1, there is no preparation step for a replica

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2023-02-05 Thread Bryan Fang via FreeIPA-users
Hi folks, hope you are doing well, in case of dealing with domain level 0, when running ipa-replica-install, I have to provide gpg file as one of parameters, and cannot use --dirsrv-cert-file etc. together with gpg file 'You cannot specify any of --dirsrv-cert-file, --http-cert-file, or --pkinit-cer

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2020-03-18 Thread Rob Crittenden via FreeIPA-users
Peter Tselios via FreeIPA-users wrote: > Exactly. > > So, what I did in order to make it work: > Create 2 PKCS#12 archives with the certificates of the HTTP and LDAP (because > I don't see how I can make the ansible module to add more certificates to an > existing archive). > Use those files a

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2020-03-18 Thread Peter Tselios via FreeIPA-users
Exactly. So, what I did in order to make it work: Create 2 PKCS#12 archives with the certificates of the HTTP and LDAP (because I don't see how I can make the ansible module to add more certificates to an existing archive). Use those files as the input of the ipa-replica-install command. It

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2020-03-17 Thread Rob Crittenden via FreeIPA-users
Peter Tselios via FreeIPA-users wrote: > By the way, the information you provided is the complete opposite of the > information here: > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/installing-an-ipa-replica_installing-identity-manag

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2020-03-17 Thread Peter Tselios via FreeIPA-users
By the way, the information you provided is the complete opposite of the information here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/installing-an-ipa-replica_installing-identity-management#installing-an-ipa-replica-without-a-ca_

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2020-03-17 Thread Peter Tselios via FreeIPA-users
Many thanks to all. This means I have a lot of work ahead of me. I am using ansible for the installation and for the moment I don't use the freeipa modules. I will try with a p12 file and see if there is any improvement, if not, I will fall back to ipa-client install.

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2020-03-17 Thread LHEUREUX Bernard via FreeIPA-users
You must first install the ipa-client! And you can pass your certs option in the ipa-client-install, then the ipa-replica-install will use them and perform the replication from your primary server with the correct certs... -Original Message- From: Peter Tselios via FreeIPA-users [mailt

[Freeipa-users] Re: ipa-replica-install fails when I use custom certificates

2020-03-17 Thread François Cami via FreeIPA-users
On Tue, Mar 17, 2020 at 1:18 PM Peter Tselios via FreeIPA-users wrote: > > I have installed the ipa server by using the following command: > > - > ipa-server-install > --realm "EXAMPLE.COM" -p 'password' -a 'password' > --hostname="server.example.com" -n example.com > --ip-address="10.