docs/freeipa.md
9 additions & 8 deletions
@@ -47,14 +47,6 @@ The playbook will not provision a firewall around the FreeIPA server.
47
47
48
48
## FreeIPA CA signed certificates or externally signed certificates?
49
49
50
-
In both cases, you'll want to refer to each CA certificate used (particularly important if you are using a different CA) by adding entries to `tls_ca_certs` e.g. (IPA CA)
51
-
52
-
```
53
-
tls_ca_certs:
54
-
- path: /etc/ipa/ca.crt
55
-
alias: ipaca
56
-
```
57
-
58
50
### FreeIPA CA signed certificates
59
51
60
52
Here, nothing has to be done.
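Review bot: With the "In both cases" paragraph removed, the "FreeIPA CA signed certificates" subsection is left with only "Here, nothing has to be done", so the docs no longer say how the IPA CA reaches the truststore in that case. If the playbook now picks up `/etc/ipa/ca.crt` on its own, state that in the subsection; if it does not, keep the `tls_ca_certs` entry with alias `ipaca` documented there, because readers following the old text will otherwise drop it.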
@@ -67,6 +59,15 @@ In this case, please set `skip_ipa_signing` to `true`.
67
59
68
60
This will cause the playbook to stop after generating CSRs – identical to the non-FreeIPA case.
69
61
62
+
You will also need to configure your CA certificate like so (where `/path/to/ca.crt` is a path on the controller host):
63
+
```
64
+
tls_ca_certs:
65
+
- path: /path/to/ca.crt
66
+
alias: clusterca
67
+
```
68
+
69
+
This will ensure that the generated truststore includes your external CA.
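Review bot: The added `tls_ca_certs` example shows one entry, while the text removed in the first hunk told readers to refer to each CA certificate used. If the external chain involves more than one CA, say here that each needs its own `path` and `alias` entry, so the generated truststore is not missing a CA. Minor style point: the new fence has no language tag; marking it as yaml would match how the content is meant to be read.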