Re: [Freeipa-users] Replace Self-Signed Cert

2014-10-15 Thread Murty, Ajeet (US - Arlington)
, 2014 9:43 AM To: quest monger; d...@redhat.com Cc: FreeIPA Subject: Re: [Freeipa-users] Replace Self-Signed Cert quest monger wrote: > Makes sense. > I will still try out that cert add command in my test environment, just > to see if it works. > Looks like for now, 4.1 upgrade is my

Re: [Freeipa-users] Replace Self-Signed Cert

2014-10-14 Thread Rob Crittenden
quest monger wrote: > Makes sense. > I will still try out that cert add command in my test environment, just > to see if it works. > Looks like for now, 4.1 upgrade is my best option. IPA 3.x includes a command, ipa-server-certinstall, which will do what you need. This can be a bumpy process with

Re: [Freeipa-users] Replace Self-Signed Cert

2014-10-13 Thread quest monger
Makes sense. I will still try out that cert add command in my test environment, just to see if it works. Looks like for now, 4.1 upgrade is my best option. On Mon, Oct 13, 2014 at 7:01 PM, Dmitri Pal wrote: > On 10/13/2014 06:45 PM, quest monger wrote: > > I did the default IPA install, didn't

Re: [Freeipa-users] Replace Self-Signed Cert

2014-10-13 Thread Dmitri Pal
On 10/13/2014 06:45 PM, quest monger wrote: I did the default IPA install, didn't change any certs or anything. As part of that install, it now shows 2 certs, one on port 443 (HTTPS) and one on port 636 (LDAPS). These certs don't have a trust chain, hence I called them self-signed. We have a cont

Re: [Freeipa-users] Replace Self-Signed Cert

2014-10-13 Thread William Graboyes
Hi there, My understanding is the only way to install a third party cert is to start from scratch. The part that is unclear to me is if there is a method of exporting the data prior to, and importing the data after the fresh instance of freeipa has been installed. I assume that one would als

Re: [Freeipa-users] Replace Self-Signed Cert

2014-10-13 Thread quest monger
I did the default IPA install, didn't change any certs or anything. As part of that install, it now shows 2 certs, one on port 443 (HTTPS) and one on port 636 (LDAPS). These certs don't have a trust chain, hence I called them self-signed. We have a contract with a third party CA that issues TLS certs

Re: [Freeipa-users] Replace Self-Signed Cert

2014-10-13 Thread Dmitri Pal
On 10/13/2014 03:39 PM, quest monger wrote: I found some documentation for getting a certificate signed by an external CA (2.3.3.2. Using Different CA Configurations) - http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/creating-server.html But it looks like those instructions apply to

Re: [Freeipa-users] Replace Self-Signed Cert

2014-10-13 Thread quest monger
I found some documentation for getting a certificate signed by an external CA (2.3.3.2. Using Different CA Configurations) - http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/creating-server.html But it looks like those instructions apply to a first-time fresh install, not for upgrading an

Re: [Freeipa-users] Replace Self-Signed Cert

2014-10-13 Thread quest monger
I was told by my admin team that self-signed certs pose a security risk. On Mon, Oct 13, 2014 at 3:17 PM, Rob Crittenden wrote: > quest monger wrote: > > Hello All, > > > > I installed FreeIPA server on a CentOS host. I have 20+ Linux and > > Solaris clients hooked up to it. SSH and Sudo work

Re: [Freeipa-users] Replace Self-Signed Cert

2014-10-13 Thread Rob Crittenden
quest monger wrote: > Hello All, > > I installed FreeIPA server on a CentOS host. I have 20+ Linux and > Solaris clients hooked up to it. SSH and Sudo work on all clients. > > I would like to replace the self-signed cert that is used on Port 389 > and 636. > > Is there a way to do this without

[Freeipa-users] Replace Self-Signed Cert

2014-10-13 Thread quest monger
Hello All, I installed FreeIPA server on a CentOS host. I have 20+ Linux and Solaris clients hooked up to it. SSH and Sudo work on all clients. I would like to replace the self-signed cert that is used on Port 389 and 636. Is there a way to do this without re-installing the server and clients?