Hi Rob,

thanks for the answer. I know about the external CA-Cert possibility of ipa-server-install. But it does not do what I want.

I did set up a dogtag CA and a fedora-ds (389). It would be nice if freeipa could just use them. I find it a little bit inconsistent that dogtag tries to be a central service, and freeipa claims to be the same, setting up a new one.

BTW: Freeipa setup tells me that it should be the only 389 instance, and exits gracefully. Well, my dogtag and bind setup with 389 backend works quite well, I just want freeipa to use them. Is there a possibility to set up freeipa this way?

Thanks for the all-in-one setup, but it means I cannot run another ldap (389) server (instance) on a machine where freeipa is running. Is this right?

Best regards,
Oli

On Friday, 9 April 2010 23:42:54, Rob Crittenden wrote:
> Oliver Burtchen wrote:
> > Hi @all,
> >
> > is it possible to use an already configured and running dogtag-instance
> > for freeipa V2 in the installation process? I would like to give
> > ipa-server-install just the params for the dogtag-instance/server to
> > use, and skip its own creation-process (pkisilence ...).
> >
> > Or are there arguments for an extra CA used by freeipa?
> >
> > Background: I customized dogtag for my needs (using SHA256, default to 10
> > year validity of ca-SigningCert, organization and location defaults, etc.).
> >
> > Best regards,
> > Oli
>
> Probably the best way to do it would be to use the external CA install
> option (--external-ca). This is a two-step installation process. The
> first step generates a CSR for the IPA CA. You take this CSR to your
> existing CA and issue a subordinate CA certificate that will be used by
> IPA. Then you continue the IPA Installation and it sets up a separate
> dogtag instance with this subordinate CA.
>
> It might be possible to wedge in an existing dogtag install into IPA in
> another way but I haven't yet tried it.
>
> rob
>

--
Oliver Burtchen, Berlin

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
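The signing step of the `--external-ca` flow described in the quoted reply, with checks worth running on the issued certificate before continuing the install. This is an added example, not part of the thread or of FreeIPA: plain `openssl` stands in for the existing CA (the thread's CA is Dogtag), and all file names, subjects and keys are constructed.

```shell
#!/usr/bin/env bash
# Constructed sample data: a throwaway "existing CA", a CSR standing in for the
# one the IPA installer writes in step one, and the subordinate CA certificate
# issued for that CSR. File names and subjects are assumptions.
make_sample() {
    dir=$1
    # Minimal config so the root is explicitly marked as a CA on any openssl.
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' \
        > "$dir/ca.cnf"
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 30 -subj "/O=EXAMPLE.TEST/CN=Existing Root CA" \
        -keyout "$dir/root.key" -out "$dir/root.crt" 2>/dev/null
    openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/O=EXAMPLE.TEST/CN=Certificate Authority" \
        -keyout "$dir/ipa.key" -out "$dir/ipa.csr" 2>/dev/null
    # Extensions that make the issued certificate a subordinate CA.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$dir/subca.ext"
    openssl x509 -req -sha256 -days 30 -in "$dir/ipa.csr" \
        -CA "$dir/root.crt" -CAkey "$dir/root.key" -CAcreateserial \
        -extfile "$dir/subca.ext" -out "$dir/ipa.crt" 2>/dev/null
}

# Checks on the issued certificate: it chains to the existing CA, it is itself
# a CA (a plain leaf cannot issue certificates), and it is signed with SHA-256
# as in the customized setup mentioned in the thread.
check_sub_ca() {
    ca=$1
    cert=$2
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
        || { echo "does not chain to CA"; return 1; }
    text=$(openssl x509 -in "$cert" -noout -text)
    echo "$text" | grep -q 'CA:TRUE' \
        || { echo "not a CA certificate"; return 1; }
    echo "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' \
        || { echo "not SHA-256 signed"; return 1; }
    echo "ok"
}

# Stand-alone demo on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_sub_ca "$demo_dir/root.crt" "$demo_dir/ipa.crt"
```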
