> Hi, > > maybe you can explain first what you're trying to achieve. Do you want to > install IPA without a CA? If it's a fresh installation, you can use > ipa-server-install and provide the HTTP/LDAP/PKINIT certificates using the > options --dirsrv-cert-file / --http-cert-file / --pkinit-cert-file / > --dirsrv-pin / --http-pin / --pkinit-pin and provide the CA with > --ca-cert-file. This way, you don't need to go through the painful steps of > removing the CA functionality from IPA. > For more information please refer to Determining What CA Configuration to > Use [1], and Installing Without a CA [2]. > I'm pointing to RHEL7 documentation as you mentioned you're using ipa 4.3 > (which is a bit outdated...) > > The blog you're referring to clearly mentions that there is *no supported > way to remove the CA from a CA-ful deployment*. The instructions are > provided for you to try but are not officially supported. > > On Tue, Jul 5, 2022 at 1:31 PM roy liang via FreeIPA-users < > freeipa-users(a)lists.fedorahosted.org> wrote:
My goal is:Currently, all the HTTP LDAP certificates and PKI certificates have expired in the freeipa cluster online, so they cannot work properly. I have tested many schemes, but they cannot be fixed. I have also modified the system time, but they cannot be fixed.My Linux Ubuntu16.04 FreeiPA 4.3 version is very old. This is due to historical reasons. Now there is no better choice.After all, there are a lot of Hadoop jobs running on this, any good suggestions?Thank you very much _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
