
How to find the .crt file installed by default by FreeIPA?

I used this guide to install FreeIPA with SSL: https://www.howtoforge.com/how-to-install-freeipa-server-on-centos-7/

yum install ipa-server bind-dyndb-ldap ipa-server-dns -y
ipa-server-install --setup-dns

After finishing, it can be accessed at https://ipa.hakase-labs.io/.

There are two files generated in the /root/ path:

  • ca-agent.p12
  • cacert.p12

If we use a self-prepared CA file, we know where the .crt file is, and can set it on a client server in order to connect to the LDAP (FreeIPA) server.

But where is it by default?

I don't see how this question is related to programming, maybe move it to ServerFault.

And it's not clear what you want to do exactly. You don't want to install an embedded CA within the IPA Server, but it's unclear if you're going to use an external CA or no CA at all. In the first case this means the IPA Server would still automatically update the certificates, while the second case means you would update them yourself when it is necessary.

The best entry point is the Linux Domain Identity, Authentication, and Policy Guide.

If you're not going to use any CA at all, see section 2.3.6:

# ipa-server-install \
    --http-cert-file /tmp/server.crt \
    --http-cert-file /tmp/server.key \
    --http-pin secret \
    --dirsrv-cert-file /tmp/server.crt \
    --dirsrv-cert-file /tmp/server.key \
    --dirsrv-pin secret \
    --ca-cert-file ca.crt
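
An added example, not part of the original answer or of FreeIPA itself: a pre-flight check for the three files passed to the CA-less install above, confirming that the server certificate chains to the CA file, that the private key belongs to the certificate, and that the certificate is not about to expire. The function name `preflight`, the `KEY_PIN` environment variable and the 30-day threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the files given to
#   ipa-server-install --http-cert-file ... --dirsrv-cert-file ... --ca-cert-file ...
# Usage: preflight server.crt server.key ca.crt
# Optional: export KEY_PIN=<passphrase> if the key is encrypted (assumed variable name).

preflight() {
    crt=$1 key=$2 ca=$3
    for f in "$crt" "$key" "$ca"; do
        [ -r "$f" ] || { echo "unreadable: $f" >&2; return 2; }
    done

    # 1. The server certificate must chain to the CA passed as --ca-cert-file.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
        || { echo "FAIL: $crt does not verify against $ca" >&2; return 1; }

    # 2. The private key must belong to the certificate: compare public keys.
    KEY_PIN=${KEY_PIN:-}; export KEY_PIN
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -passin env:KEY_PIN -pubout 2>/dev/null) \
        || { echo "FAIL: cannot read $key (wrong PIN?)" >&2; return 1; }
    [ "$crt_pub" = "$key_pub" ] \
        || { echo "FAIL: $key does not match $crt" >&2; return 1; }

    # 3. The certificate must stay valid for at least 30 more days (assumed threshold).
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null \
        || { echo "FAIL: $crt expires within 30 days" >&2; return 1; }

    echo "OK: $crt, $key and $ca are consistent"
}

# Run directly when called with the three file arguments.
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```
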
