Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

Chapter 31. Adding the IdM CA service to an IdM server in a deployment without a CA

If you previously installed an Identity Management (IdM) domain without the certificate authority (CA) component, you can add the IdM CA service to the domain to enable internal certificate management and enhance security.

Note

For details on the supported CA configurations, see Planning your CA services.

31.1. Installing the first IdM CA as the root CA into an existing IdM domain
Copia collegamento

Install an Identity Management (IdM) certificate authority (CA) on an existing IdM server that was installed without a CA. You can provide local certificate services and maintain control over your security infrastructure without a dependency on an external root CA.

Prerequisites

  • You have root permissions on idmserver.
  • The IdM server is installed on idmserver.
  • Your IdM deployment has no CA installed.
  • You know the IdM Directory Manager password.

Procedure

  1. On idmserver, install the IdM Certificate Server CA: 

    [root@idmserver ~] ipa-ca-install
    Copy to Clipboard Toggle word wrap

  2. On each IdM host in the topology, run the ipa-certupdate utility to update the host with the information about the new certificate from the IdM LDAP.

    Important

    If you do not run ipa-certupdate after generating the IdM CA certificate, the certificate will not be distributed to the other IdM machines.

Install the Identity Management (IdM) CA subordinate to an external root CA to integrate with your existing certificate infrastructure. This setup configures the server to operate directly under the root or through intermediate authorities to establish trust.

Prerequisites

  • You have root permissions on idmserver.
  • The IdM server is installed on idmserver.
  • Your IdM deployment has no CA installed.
  • You know the IdM Directory Manager password.

Procedure

  1. Start the installation: 

    [root@idmserver ~] ipa-ca-install --external-ca
    Copy to Clipboard Toggle word wrap
  2. Wait till the command line informs you that a certificate signing request (CSR) has been saved.
  3. Submit the CSR to the external CA.
  4. Copy the issued certificate to the IdM server.

  5. Continue the installation by adding the certificates and full path to the external CA files to ipa-ca-install: 

    [root@idmserver ~]# ipa-ca-install --external-cert-file=/root/master.crt --external-cert-file=/root/ca.crt
    Copy to Clipboard Toggle word wrap

  6. On each IdM host in the topology, run the ipa-certupdate utility to update the host with the information about the new certificate from the IdM LDAP.

    Important

    Failing to run ipa-certupdate after generating the IdM CA certificate means that the certificate will not be distributed to the other IdM machines.

Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2026 Red HatTorna in cima