Chris Cowan via FreeIPA-users wrote: > I have been trying for several days to get a server up with certs from an > Internal CA at work. I have > > We won't be using the IPA CA features. I just want to protect the https and > ldaps connections. I have a server cert in pkcs7 format. > My understanding is that I want to install with a pkcs12 file and pin that > contains the server cert, key, and CA cert chain. (I have a rool and > intermediate chain cert for the Internal CA). > > I'm also assuming that I will be setting enable_ra = False in > /etc/ipa/default.conf > > My questions are: > - Does anyone have an example of preparing the pkcs12 file from server cert > and *.pem files for the CA? How can I check it for correctness? > - Do I install normally and use the --http_pkcs12 and --dirsrv_pkcs12 > options? (I found some dated instructions on sectigo.com that discuss using > the --self-signed option on the installer, which is no longer there)
See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/installing_identity_management/installing-an-ipa-server-without-a-ca_installing-identity-management rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
