freeipa

Clone
Source Code
GIT

#8234 RFE: Add --ca-cert-file option to ipa-replica-install
Opened 5 years ago by rcritten. Modified 2 years ago

Open
Close issue as:
fixed wontfix worksforme duplicate insufficientinfo invalid

Request for enhancement

As administrator , I want to install a replica into a CA-less cluster without having to pre-install the client first.

Steps to Reproduce

  1. ipa-server-install --http-cert-file= ... --dirsrv-cert-file= ... --ca-cert-file=... ...
  2. ipa-replica-install

Actual behavior

The replica install will fail due to an unknown CA certificate chain.

Expected behavior

Have a --ca-cert-file option in ipa-replica-install

Version/Release/Distribution

ipa-server-4.6.5 CentOS 7.7

Additional info:

Installation can work if PKCS#12 files are used.

From this thread:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/K7VSRZWOILIVDXIGIJTZ5YRXZWGNA3SY/

Metadata Update from @fcami:
- Issue assigned to fcami
4 years ago

how about the status of this issue? I meet the same issue

If the certificate files are provided in a p12 format, they can contain the key, the certificate and the CA chain.
As this is a simple workaround, this issue hasn't been considered high priority so far.

Log in to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.