ipa-server-certinstall - Man Page

Install new SSL server certificates

Synopsis

ipa-server-certinstall [OPTION]... FILE...

Description

Replace the current Directory server SSL certificate, Apache server SSL certificate and/or Kerberos KDC certificate with the certificate in the specified files. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats.

PKCS#12 is a file format used to safely transport SSL certificates and public/private keypairs.

They may be generated and managed using the NSS pk12util command or the OpenSSL pkcs12 command.

The service(s) are not automatically restarted. In order to use the newly installed certificate(s) you will need to manually restart the Directory, Apache and/or Krb5kdc servers.

If the ACME service is enabled then the web certificate must have a Subject Alternative Name (SAN) for ipa-ca.$DOMAIN.

Options

-d,  --dirsrv

Install the certificate on the Directory Server

-w,  --http

Install the certificate in the Apache Web Server

-k,  --kdc

Install the certificate in the Kerberos KDC

--pin=PIN

The password to unlock the private key

--cert-name=NAME

Name of the certificate to install

-p,  --dirman-password=DIRMAN_PASSWORD

Directory Manager password

--version

Show the program's version and exit

-h,  --help

Show the help for this program

-v,  --verbose

Print debugging information

-q,  --quiet

Output only errors

--log-file=FILE

Log to the given file

Exit Status

0 if the installation was successful

1 if an error occurred

Referenced By

ipa-cert-fix(1).

Mar 14 2008 IPA Manual Pages