Installing IPA Master with CA

$ ipa-server-install -U -r EXAMPLE.COM -p Secret.123 -a Secret.123

Installing IPA Replica with CA Clone

$ ipa-client-install -U --server master.example.com --domain example.com --realm EXAMPLE.COM -p admin -w Secret.123
$ ipa-replica-install -w Secret.123
$ ipa-ca-install -p Secret.123

Installing KRA on IPA Master

$ ipa-kra-install -p Secret.123

Installing KRA Clone on IPA Replica

$ ipa-kra-install -p Secret.123

Subordinate CA Installation

Generate the CSR with the following command:

$ ipa-server-install -r IPA.EXAMPLE -n ipa.example -p Secret.123 -a Secret.123 --setup-dns --no-forwarders --auto-reverse --no-dnssec-validation --external-ca --unattended

Issue the certificate with the following command:

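$ python << EOF
# ExternalCA is a helper from the FreeIPA integration test suite.
from ipatests.pytest_plugins.integration.create_external_ca import ExternalCA

# Create a self-signed root CA; create_ca() returns its certificate as PEM bytes.
external_ca = ExternalCA()
root_ca = external_ca.create_ca()

# Sign the CSR written by the first ipa-server-install run.
with open('/root/ipa.csr', 'rb') as f:
    ipa_csr = f.read()
ipa_ca = external_ca.sign_csr(ipa_csr)

# Save both certificates for the final installation step.
with open('/root/rootca.pem', 'wb') as f:
    f.write(root_ca)
with open('/root/ipaca.pem', 'wb') as f:
    f.write(ipa_ca)
EOF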

See also freeipa/freeipa.

Complete the installation with the following command:

$ ipa-server-install --external-cert-file=/root/ipaca.pem --external-cert-file=/root/rootca.pem -p Secret.123
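
Before running the final step, the signed certificate can be checked against the CSR and the root certificate. The following is an added example, not part of the original page or of FreeIPA; the function names check_external_ca and make_sample_pki are hypothetical, and make_sample_pki only builds constructed throwaway input for trying the check offline.

```shell
#!/bin/sh
# Added example: pre-flight checks on the externally signed IPA CA certificate.
# Function names are hypothetical; the paths in the usage line are the page's.
# Usage: check_external_ca /root/ipa.csr /root/ipaca.pem /root/rootca.pem
check_external_ca() {
    csr=$1; ca_cert=$2; root_cert=$3

    # 1. The certificate must carry the public key from the CSR; otherwise it
    #    was issued for a different request than the one IPA is waiting on.
    csr_key=$(openssl req -in "$csr" -noout -pubkey) || return 2
    crt_key=$(openssl x509 -in "$ca_cert" -noout -pubkey) || return 2
    [ "$csr_key" = "$crt_key" ] || { echo "public key mismatch" >&2; return 1; }

    # 2. It must be a CA certificate (basicConstraints CA:TRUE).
    openssl x509 -in "$ca_cert" -noout -text | grep -q 'CA:TRUE' \
        || { echo "not a CA certificate" >&2; return 1; }

    # 3. It must verify against the root passed as the second cert file.
    openssl verify -CAfile "$root_cert" "$ca_cert" >/dev/null 2>&1 \
        || { echo "does not chain to root" >&2; return 1; }
    return 0
}

# Constructed sample input for trying the check offline: a throwaway root CA,
# a CSR, and a CA certificate signed from it, all written under directory $1.
make_sample_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Sample Root" \
        -keyout "$d/root.key" -out "$d/rootca.pem" 2>/dev/null || return 2
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Sample IPA CA" \
        -keyout "$d/ipa.key" -out "$d/ipa.csr" 2>/dev/null || return 2
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ext.cnf"
    openssl x509 -req -in "$d/ipa.csr" -CA "$d/rootca.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -extfile "$d/ext.cnf" -out "$d/ipaca.pem" 2>/dev/null
}
```

A non-zero return from check_external_ca means the certificate files should not be passed to --external-cert-file until the mismatch is explained.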

Uninstalling IPA

$ ipa-server-install --uninstall -U
