I have an existing website that I use for all sorts of things. I was a bit more of a sucker when I bought the domain so I also bought a wildcard SSL cert for my domain instead of using LetsEncrypt. I use the home
subdomain to link back to my home network where I’m in the process of setting up a FreeIPA domain. In order to make sure the SSSD works properly, I read that I need to LDAPS, and for that I’ll need some certs. I know FreeIPA generates its own certs, but these are self signed. I’d like to have my certs actually be trusted as theres a reason this is on an actual domain. However when i try to add my certs with
sudo ipa-cacert-manage -t ‘C,’ CERT_BUNDLE
I get an issue with one of the certs (I know which one) for using an insecure algorithm. And (expectedly) I can’t add the other certs as this is part of the CA chain. So I read to try renewing with the external-ca
option, and now I have a CSR from FreeIPA but I’m unsure if I can sign it with my SSL cert. Any guidance or help is vert much appreciated. I may have buggered my install in trying to figure this out, but I suppose we’ll find out.
kurikai@lemmy.world 11 months ago
You wont sign it with your cert. You will pay a company to sign it for you. I suggest using the ipa managed self signed one for easier maintanence