After adding certificates and chain of *.domain.com to /etc/ipa/ca.crt in
master freeipa, then copy the ca.crt file to client machine, and rename it to
ca.pem with
mv ca.crt ca.pem
this ca.pem includes all required certificates for both ipa server and https
server, then run ipa-client-install command like below, it will work for new
client machine
ipa-client-install --mkhomedir --domain=domain2.com --server=ipa.domain.com
--realm=DOMAIN.COM --force-ntpd --hostname=ipa.domain2.com -d
--ca-cert-file=/home/ec2-user/ca.pem
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
