Hide Forgot
The way the documentation is written, it's not clear that you have *3* choices when determining how to set up your CAs, rather than 2. Not knowing what dogtag was, it was not clear that it was an alternative to a self-signed certificate. So, I had interpreted this wording: For the FreeIPA server itself to work as a CA, it uses a self-signed certificate, meaning that it approved and issued its own certificate. This is done by using the --selfsign option with the ipa-server-install command. ...to mean that if I'm not using an external certificate from VeriSign or similar, that I would need to instead use the self-sign option, when what I should have done was provided no option at all. It would be better if the documentation was clearer about CA options, ie: * 2.3.3.2. Using Different CAs ** Example 1 Using Dogtag for Certificate Management (Recommended) ** Example 2 Using a self-signed certificate ** Example 3 Using a certificate from an External CA
I suggest we make the documentation clear about this. I also will open another bug to update man pages.
The man page bug is bug 742616, for reference.
*** Bug 747671 has been marked as a duplicate of this bug. ***
Fixed: http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/creating-server.html#install-ca-options