Installing IPA Master with CA#
$ ipa-server-install -U -r EXAMPLE.COM -p Secret.123 -a Secret.123
Installing IPA Replica with CA Clone#
$ ipa-client-install -U --server master.example.com --domain example.com --realm EXAMPLE.COM -p admin -w Secret.123
$ ipa-replica-install -w Secret.123
$ ipa-ca-install -p Secret.123
Installing KRA on IPA Master#
$ ipa-kra-install -p Secret.123
Installing KRA Clone on IPA Replica#
$ ipa-kra-install -p Secret.123
Subordinate CA Installation#
Generate the CSR with the following command:
$ ipa-server-install -r IPA.EXAMPLE -n ipa.example -p Secret.123 -a Secret.123 --setup-dns --no-forwarders --auto-reverse --no-dnssec-validation --external-ca --unattended
Issue the certificate with the following command:
$ python << EOF
from ipatests.pytest_plugins.integration.create_external_ca import ExternalCA
external_ca = ExternalCA()
root_ca = external_ca.create_ca()
with open('/root/ipa.csr', 'rb') as f:
ipa_csr = f.read()
ipa_ca = external_ca.sign_csr(ipa_csr)
with open('/root/rootca.pem', 'wb') as f:
f.write(root_ca)
with open('/root/ipaca.pem', 'wb') as f:
f.write(ipa_ca)
EOF
See also freeipa/freeipa.
Complete the installation with the following command:
$ ipa-server-install --external-cert-file=/root/ipaca.pem --external-cert-file=/root/rootca.pem -p Secret.123
Uninstalling IPA#
$ ipa-server-install --uninstall -U