Add a commercially signed SSL certificate to FreeIPA after installation

FreeIPA is touted as a platform for centralized authentication and identity management, and it fills this role very well. One thing it does not do well is let you add a commercially signed certificate after the FreeIPA installation is complete. You have to either start with a commercially signed cert, or live with the self-signed cert forever. No switching sides!

Convert the crt file to PEM format

Create the PEM file from the original certificate

Concatenate the PEM certificate, the Root crt and the Chain crt into a single file

Export the PEM certificate and private key in PKCS12 format

Import the PKCS12 (.p12) certificate into the NSS DB

You can find the password for the NSS DB here: /etc/httpd/alias/pwdfile.txt

You can verify your certificate using the following command

Put the Example-GlobalSign nickname in the nss.conf config file

Restart HTTPD
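
The steps above as one script, added here as an example and not the original author's commands. It assumes input files named server.crt, server.key (unencrypted), chain.pem and root.pem, a passphrase file p12pass.txt, and the usual mod_nss path /etc/httpd/conf.d/nss.conf; the nickname and the NSS DB paths are the ones on this page. Before anything is imported it checks that the private key matches the certificate and that the chain verifies.

```shell
#!/bin/sh
# Added example. File names and the nss.conf path are assumptions;
# the nickname and NSS DB paths are the ones given on the page.
NSS_DB=/etc/httpd/alias
NSS_PWFILE=/etc/httpd/alias/pwdfile.txt
NSS_CONF=/etc/httpd/conf.d/nss.conf   # assumed mod_nss location
NICK=Example-GlobalSign

# Convert a certificate to PEM whether it arrives as DER or as PEM.
to_pem() {   # $1=input crt  $2=output pem
  openssl x509 -inform DER -in "$1" -outform PEM -out "$2" 2>/dev/null ||
    openssl x509 -inform PEM -in "$1" -outform PEM -out "$2"
}

# Succeed only if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
  _c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  _k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$_c" ] && [ "$_c" = "$_k" ]
}

# Check key and chain, concatenate the certificates, export PKCS12.
# $1=server.pem $2=key $3=chain.pem $4=root.pem $5=out.p12 $6=passphrase file
build_p12() {
  key_matches_cert "$1" "$2" || { echo "key does not match cert" >&2; return 1; }
  openssl verify -CAfile "$4" -untrusted "$3" "$1" >/dev/null || return 1
  cat "$1" "$3" "$4" > "$5.bundle.pem"
  ( umask 077
    openssl pkcs12 -export -in "$5.bundle.pem" -inkey "$2" \
      -name "$NICK" -passout "file:$6" -out "$5" )
}

# Import into the NSS DB, validate for SSL-server use, set the nickname, restart.
install_cert() {   # $1=out.p12  $2=PKCS12 passphrase file
  pk12util -i "$1" -d "$NSS_DB" -k "$NSS_PWFILE" -w "$2" &&
    certutil -V -u V -d "$NSS_DB" -f "$NSS_PWFILE" -n "$NICK" &&
    sed -i.bak "s/^NSSNickname .*/NSSNickname $NICK/" "$NSS_CONF" &&
    systemctl restart httpd
}

# Only touches the system when run as: sh install-cert.sh --apply
if [ "${1:-}" = "--apply" ]; then
  to_pem server.crt server.pem &&
    build_p12 server.pem server.key chain.pem root.pem server.p12 p12pass.txt &&
    install_cert server.p12 p12pass.txt
fi
```

The `-name` value becomes the certificate's nickname in the NSS DB, which is why the same string goes into `NSSNickname`. Remove the PKCS12 file and its passphrase file once the import has been verified.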