Can you please anyone suggest on this
From: Polavarapu Manideep Sai via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org>
Sent: 29 October 2022 19:23
To: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Cc: Polavarapu Manideep Sai <manideep.sai(a)onmobile.com>
Subject: [Freeipa-users] Installing Third-Party Certificates-Help
CAUTION. This email originated from outside the organization. Please exercise caution
before clicking on links or attachments in case of suspicion or unknown senders.
Hi Team,
We need your help or support
I have a master IPA server and 2 Replica IPA Servers, i want to install third party
certificates in my setup
a.
master.ipa.example.com
b.
replica1.ipa.example.com
c.
replica2.ipa.example.com
1. Generated new CSR/wildcard certificate on master IPA server for the domain
"*.ipa.example.com" and shared to third party vendor and they have shared two
zip files one for apache and other for tomcat as shown below, i see crt and pem files in
zip files as shown below after unzip
a. _.ipa.onmobile.com_Apache.zip
b. _.ipa.onmobile.com_TOMCAT.zip
unzipped:
[root@dir01 tmp]# tree Apache/
Apache/
├── 1f1f7ab616938168.crt
├── 1f1f7ab616938168.pem
├── gd_bundle-g2-g1.crt
└── _.ipa.onmobile.com_Apache.zip
0 directories, 4 files
[root@dir01 tmp]# tree Tomcat/
Tomcat/
├── 1f1f7ab616938168.crt
├── 1f1f7ab616938168.pem
├── gd_bundle-g2-g1.crt
├── gdig2.crt.pem
└── _.ipa.onmobile.com_TOMCAT.zip
0 directories, 5 files
2. Followed the Redhat documentation but not understood which of the following one is
applicable in my case for the received certificates
Installing Third-Party Certificates for HTTP or LDAP
Installing a CA Certificate Manually
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
Can you please let us know the step by step procedure that how to install the
certificates
can you please also comment on below query
3. If i install the certificate will it get replaced in
"/etc/pki/pki-tomcat/alias/" database as well? along with httpd and dirsrv
databases ?
/etc/pki/pki-tomcat/alias/
/etc/httpd/alias/
/etc/dirsrv/slapd-IPA-EXAMPLE-COM
Please let us know if any more details required
Sai
________________________________
DISCLAIMER: The information in this message is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this message by anyone else is
unauthorized. If you are not the intended recipient, any disclosure, copying, or
distribution of the message, or any action or omission taken by you in reliance on it, is
prohibited and may be unlawful. Please immediately contact the sender if you have received
this message in error. Further, this e-mail may contain viruses and all reasonable
precaution to minimize the risk arising there from is taken by OnMobile. OnMobile is not
liable for any damage sustained by you as a result of any virus in this e-mail. All
applicable virus checks should be carried out by you before opening this e-mail or any
attachment thereto.
Thank you - OnMobile Global Limited.