1ipa-server-certinstall(1) IPA Manual Pages ipa-server-certinstall(1)
2
6 ipa-server-certinstall - Install new SSL server certificates
7
9 ipa-server-certinstall [OPTION]... FILE...
10
12 Replace the current Directory server SSL certificate, Apache server SSL
13 certificate and/or Kerberos KDC certificate with the certificate in the
14 specified files. The files are accepted in PEM and DER certificate,
15 PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 for‐
16 mats.
17 PKCS#12 is a file format used to safely transport SSL certificates and
19 public/private keypairs.
20 They may be generated and managed using the NSS pk12util command or the
22 OpenSSL pkcs12 command.
23 The service(s) are not automatically restarted. In order to use the
25 newly installed certificate(s) you will need to manually restart the
26 Directory, Apache and/or Krb5kdc servers.
27 If the ACME service is enabled then the web certificate must have a
29 Subject Alternative Name (SAN) for ipa-ca.$DOMAIN.
30
33 -d, --dirsrv
34 Install the certificate on the Directory Server
35 -w, --http
37 Install the certificate in the Apache Web Server
38 -k, --kdc
40 Install the certificate in the Kerberos KDC
41 --pin=PIN
43 The password to unlock the private key
44 --cert-name=NAME
46 Name of the certificate to install
47 -p, --dirman-password=DIRMAN_PASSWORD
49 Directory Manager password
50 --version
52 Show the program's version and exit
53 -h, --help
55 Show the help for this program
56 -v, --verbose
58 Print debugging information
59 -q, --quiet
61 Output only errors
62 --log-file=FILE
64 Log to the given file
65
67 0 if the installation was successful
68 1 if an error occurred
70IPA Mar 14 2008 ipa-server-certinstall(1)