https://frasertweedale.github.io/blog-redhat/posts/2019-10-24-removing-ip... I'm going to try this scheme instead of CA Httpd. pem ladp. Pem ladp. Pem httpd.pem ladp.I hope I can get some guidance. Thank you 1：Generate ca-key ca-cert #openssl req -new -x509 -keyout ca-key -out ca-cert -days 365 2： Generate certificate signing request: #openssl req -new -key ca-key -out csr.csr 3:Generate pem openssl req -x509 -days 365 -key ca-key -in csr.csr -out http.pem openssl req -x509 -days 365 -key ca-key -in csr.csr -out ldap.pem 4:install freeipa root@migration-ipa-65:~/test_ca# ipa-cacert-manage install ca-cert Installing CA certificate, please wait CA certificate successfully installed 5:install http.pem root@migration-ipa-65:~/test_ca# ipa-server-certinstall \ No server certificates found in /root/test_ca/http.pem The ipa-server-certinstall command failed.