Yeah, I think we should produce a How To on FreeIPA.org as this is what many people would look for. It was slightly tricky as there were 2 hickups involved: * SELinux policy bug (WIP) * ipa-cacert-manage bug where I had to comment one line
Petr/Jan, would you like to create the How To, since you provided me the instructions? On 01/15/2016 03:47 PM, Prasun Gera wrote: > This is great. Can you post instructions for getting Let's Encrypt working > on 4.2.x ? I had created a thread, but I eventually got stuck, and it felt > a bit risky to modify low level things on a production system. > > This is the thread for reference: > https://www.redhat.com/archives/freeipa-users/2015-November/msg00048.html > > I got as far as adding the root cert manually, but it still didn't work > after that. > > On Fri, Jan 15, 2016 at 4:16 AM, Martin Kosek <[email protected]> wrote: > >> On 12/18/2015 06:24 PM, Petr Vobornik wrote: >>> The FreeIPA team would like to announce FreeIPA v4.3.0 release! >>> >>> It can be downloaded from http://www.freeipa.org/page/Downloads. The >> builds are >>> available for Fedora rawhide. Builds for Fedora 23 are available in the >>> official COPR repository >>> <https://copr.fedoraproject.org/coprs/mkosek/freeipa-4.3/>. >>> >>> This announcement is also available at >>> <http://www.freeipa.org/page/Releases/4.3.0>. >>> >>> == Highlights in 4.3.0 == >>> * Simplified management of replication topology - control and display >> your >>> topology from CLI and UI >>> * Simplified replica installation - install replica without ''replica >> package'' >>> via OTP, keytab or privileged user credentials. The new method is called >>> ''replica promotion'' as it adds FreeIPA server capability to existing >> or new >>> client >>> ... >> >> FreeIPA demo [1] was upgraded to version 4.3.0. Compared to previous Demo >> version (4.2.x), you can now see the new Topology tab in "IPA Server" >> section, >> to get information about the FreeIPA servers in the realm, including a very >> thrilling Topology Graph :-) >> >> The Apache service was also updated to use a trusted certificate from Let's >> Encrypt, so you no longer need to waive the nasty Certificate Warning. >> Thanks >> to Petr Spacek and Jan Cholasta for helping me setting it up. >> >> [1] http://www.freeipa.org/page/Demo >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
