Peter Tselios via FreeIPA-users wrote:
Exactly.
So, what I did in order to make it work: Create 2 PKS#12 archives with the certificates of the HTTP and LDAP (because I don't see how I can make the ansible module to add more certificates to an existing archive). Use those files as the input of the ipa-replica-install command.
It worked like a charm.
Glad to hear it. I opened https://pagure.io/freeipa/issue/8234 to add --ca-cert-file as an option to ipa-replica-install.
rob