The following commands let you use a third-party certificate
after the initial deployment of the FreeIPA system. You will need the following
files:
1. mysite.key (Your private SSL key)
2. mysite.crt (Your SSL certificate)
3. cacert.crt (Your issuer's certificate bundle)
First we want to create a new PKCS12 archive containing the aforementioned certificates:
root@mybox# openssl pkcs12 -export -chain -CAfile cacert.crt -in mysite.crt \
-inkey mysite.key -name MyIPA -out newcert.pk12 -passout \
pass:some_secret_password
Once this command has completed, you can install the new bundle using:
root@mybox# ipa-server-certinstall -w --http_pin=some_secret_password newcert.pk12
root@mybox# ipa-server-certinstall -d --dirsrv_pin=some_secret_password newcert.pk12
Then restart your daemons:
root@mybox# service httpd restart
root@mybox# service dirsrv restart
This scenario was tested using a wildcard certificate provided by GoDaddy.
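The script below is an added example, not part of the original page or of FreeIPA. It checks the three input files before the PKCS12 archive is built: the key must match the certificate, and the certificate must verify against the issuer bundle. It also reads the export password from a file with -passout file: instead of pass:, because a password given as a command-line argument is visible in the process list and in shell history. The function names and the PIN file are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the FreeIPA page. File names follow the page;
# function names and the PIN-file argument are assumptions of this example.
# e.g. build_pkcs12 mysite.key mysite.crt cacert.crt /root/pkcs12.pin newcert.pk12
#      (/root/pkcs12.pin is a hypothetical root-only file holding the password)

# True only if the private key and the certificate hold the same public key.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# True only if CERT chains to the issuer bundle and is within its validity period.
chain_verifies() {  # usage: chain_verifies CA_BUNDLE CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True only if CERT is still valid DAYS days from now.
valid_for_days() {  # usage: valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run the checks, then build the archive. The export password is read from
# the first line of PINFILE, so it never appears in argv or shell history.
build_pkcs12() {  # usage: build_pkcs12 KEY CERT CA_BUNDLE PINFILE OUT
    key_matches_cert "$1" "$2" || { echo "key does not match $2" >&2; return 2; }
    chain_verifies "$3" "$2" || { echo "$2 does not verify against $3" >&2; return 3; }
    valid_for_days "$2" 30 || echo "warning: $2 expires within 30 days" >&2
    ( umask 077   # the archive holds the private key: create it owner-only
      openssl pkcs12 -export -chain -CAfile "$3" -in "$2" -inkey "$1" \
          -name MyIPA -out "$5" -passout "file:$4" )
}
```

The resulting newcert.pk12 is installed with ipa-server-certinstall as described above.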