Overview#
This page provides instructions to set up IPA for PKI development and testing. To set up IPA for production please refer to the official IPA documentation.
Installing IPA Server#
To install IPA server, execute the following command on the server:
$ ipa-server-install -U -r EXAMPLE.COM -p Secret.123 -a Secret.123
To install IPA server with existing SSL certificate:
$ ipa-server-install -U -r EXAMPLE.COM -p Secret.123 -a Secret.123 \
--dirsrv-cert-file=server.p12 --dirsrv-pin Secret.123 \
--http-cert-file=server.p12 --http-pin Secret.123
Installing CA#
To install CA, execute the following command on the server:
$ ipa-ca-install -p Secret.123
Installing KRA#
To install KRA, execute the following command on the server:
$ ipa-kra-install -p Secret.123
Installing IPA Client#
To install IPA client, execute the following command on the client:
$ ipa-client-install -U --server server.example.com --domain example.com \
--realm EXAMPLE.COM -p admin -w Secret.123
Promoting IPA Client#
To promote IPA client into an IPA replica, execute the following command on the client:
$ echo Secret.123 | kinit admin
$ ipa-replica-install -U --setup-ca -p Secret.123 -w Secret.123
To promote IPA client using existing server certificate:
$ ipa-replica-install -U -P admin -w Secret.123 \
--dirsrv-cert-file server.p12 --dirsrv-pin Secret.123 \
--http-cert-file server.p12 --http-pin Secret.123
Cloning KRA#
To clone KRA, execute the following command on the replica:
$ ipa-kra-install -p Secret.123