Bryan Fang via FreeIPA-users wrote:
Hi Rob and Flo,
thanks for your reply, yes I am using external CA certificate, we have separate Apache
server as proxy of ipa server, and we are using external CA certificate for Apache server,
version of ipa server is 4.6.8, and I don’t know how to upgrade domain level to 1, I tried
to manually set it to 1 but failed with error message ‘server doesn’t support the domain
level’, if I ant to reuse existing ipa server, how can I promote it to be replica? Or
would you pls advise me how to rebuild all of deployment? Thanks a lot!
IIRC Flo already suggested including the entire certificate chain within
the PKCS#12 files you provide to ipa-replica-prepare. That may resolve
the problem.
We don't test nor recommend using a proxy in front of IPA.
rob