Red Hat Summit Red Hat SummitSupportConsoleDéveloppeursCommencer un essaiContact

Ce contenu n'est pas disponible dans la langue sélectionnée.

Chapter 31. Adding the IdM CA service to an IdM server in a deployment without a CA

If you previously installed an Identity Management (IdM) domain without the certificate authority (CA) component, you can add the IdM CA service to the domain to enable internal certificate management and enhance security.

Note

For details on the supported CA configurations, see Planning your CA services.

Install an Identity Management (IdM) certificate authority (CA) on an existing IdM server that was installed without a CA. You can provide local certificate services and maintain control over your security infrastructure without a dependency on an external root CA.

Prerequisites

  • You have root permissions on idmserver.
  • The IdM server is installed on idmserver.
  • Your IdM deployment has no CA installed.
  • You know the IdM Directory Manager password.

Procedure

  1. On idmserver, install the IdM Certificate Server CA: 

    [root@idmserver ~] ipa-ca-install
    Copy to Clipboard Toggle word wrap

  2. On each IdM host in the topology, run the ipa-certupdate utility to update the host with the information about the new certificate from the IdM LDAP.

    Important

    If you do not run ipa-certupdate after generating the IdM CA certificate, the certificate will not be distributed to the other IdM machines.

Install the Identity Management (IdM) CA subordinate to an external root CA to integrate with your existing certificate infrastructure. This setup configures the server to operate directly under the root or through intermediate authorities to establish trust.

Prerequisites

  • You have root permissions on idmserver.
  • The IdM server is installed on idmserver.
  • Your IdM deployment has no CA installed.
  • You know the IdM Directory Manager password.

Procedure

  1. Start the installation: 

    [root@idmserver ~] ipa-ca-install --external-ca
    Copy to Clipboard Toggle word wrap
  2. Wait till the command line informs you that a certificate signing request (CSR) has been saved.
  3. Submit the CSR to the external CA.
  4. Copy the issued certificate to the IdM server.

  5. Continue the installation by adding the certificates and full path to the external CA files to ipa-ca-install: 

    [root@idmserver ~]# ipa-ca-install --external-cert-file=/root/master.crt --external-cert-file=/root/ca.crt
    Copy to Clipboard Toggle word wrap

  6. On each IdM host in the topology, run the ipa-certupdate utility to update the host with the information about the new certificate from the IdM LDAP.

    Important

    Failing to run ipa-certupdate after generating the IdM CA certificate means that the certificate will not be distributed to the other IdM machines.

Red Hat logoGithubredditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance. Découvrez nos récentes mises à jour.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez le Blog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

Theme

© 2026 Red HatRetour au début