Created December 16, 2018 21:53
adding CA-trusted certificate for FreeIPA
## Automatic method ###
# See: <https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP>
# Add the root and CA certificates, if not already added. If this is not done, your external cert will NOT be trusted
ipa-cacert-manage -n addtrust_root -t C,, install AddTrustExternalCARoot.crt
ipa-cacert-manage -n comodoca_top -t C,, install COMODORSAAddTrustCA.crt
ipa-cacert-manage -n comodoca_dcv -t C,, install COMODORSADomainValidationSecureServerCA.crt
ipa-certupdate
# Install/update the certificate
# This will also automatically update Apache and DS NSS configs to point to the new cert
ipa-server-certinstall -w -d /etc/ssl/private/wildcard_ycnrg-org.crt /etc/ssl/certs/wildcard_ycnrg-org.crt
echo "Restarting Apache & DS services..."
systemctl restart httpd
systemctl restart dirsrv@YCNRG-ORG
echo "*** Complete!"
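
A pre-flight check for the procedure above, as an added example that is not part of the original gist: it confirms that the private key matches the certificate and that the certificate chains to the root through the intermediates before anything is handed to ipa-cacert-manage or ipa-server-certinstall. The function names and demo file names are hypothetical, and it assumes the openssl command-line tool (1.1.0 or later, for -no-CApath) is installed.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before ipa-cacert-manage / ipa-server-certinstall.
# Function names and demo file names are hypothetical; only the openssl CLI is assumed.

# True when the private key ($1) and the certificate ($2) carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when the leaf ($3) chains to the root ($1) through the intermediates bundle ($2).
# -no-CApath stops the system CA directory from standing in for a wrong root file.
chain_verifies() {
    openssl verify -no-CApath -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Build a constructed root -> intermediate -> leaf chain in directory $1 (demo data only).
make_demo_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    for n in root int leaf other; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
        -set_serial 3 -days 2 -out "$d/leaf.crt" 2>/dev/null
}

# Direct use: sh preflight.sh KEY LEAF_CERT ROOT_CERT INTERMEDIATES_BUNDLE
if [ "$#" -eq 4 ]; then
    if key_matches_cert "$1" "$2" && chain_verifies "$3" "$4" "$2"; then
        echo "pre-flight OK"
    else
        echo "pre-flight FAILED: do not install" >&2
    fi
fi
```

For the files in this gist, the root would be AddTrustExternalCARoot.crt and the intermediates bundle would be COMODORSAAddTrustCA.crt and COMODORSADomainValidationSecureServerCA.crt concatenated into one PEM file.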