xenial (1) ipa-ca-install.1.gz

Provided by: freeipa-server_4.3.1-0ubuntu1_amd64 bug

NAME

       ipa-ca-install - Install a CA on a server

SYNOPSIS

       ipa-ca-install [OPTION]... [replica_file]

DESCRIPTION

       Adds  a  CA  as  an  IPA-managed  service.  This  requires  that  the IPA server is already installed and
       configured.

       The replica_file is created using the ipa-replica-prepare utility and should be the same  one  used  when
       originally installing the replica.

       Alternatively, you can run ipa-ca-install without replica_file to upgrade from CA-less to CA-full.

OPTIONS

       -d, --debug Enable debug logging when more verbose output is needed

       -p DM_PASSWORD, --password=DM_PASSWORD
              Directory Manager (existing master) password

       -w ADMIN_PASSWORD, --admin-password=ADMIN_PASSWORD
              Admin user Kerberos password used for connection check

       --external-ca
              Generate a CSR for the IPA CA certificate to be signed by an external CA.

       --external-ca-type=TYPE
              Type  of  the external CA. Possible values are "generic", "ms-cs". Default value is "generic". Use
              "ms-cs" to include template name required  by  Microsoft  Certificate  Services  (MS  CS)  in  the
              generated CSR.

       --external-cert-file=FILE
              File containing the IPA CA certificate and the external CA certificate chain. The file is accepted
              in PEM and DER certificate and PKCS#7 certificate chain formats. This option may be used  multiple
              times.

       --ca-signing-algorithm=ALGORITHM
              Signing  algorithm  of  the  IPA  CA  certificate. Possible values are SHA1withRSA, SHA256withRSA,
              SHA512withRSA. Default value is SHA256withRSA. Use this option with --external-ca if the  external
              CA does not support the default signing algorithm.

       --no-host-dns
              Do not use DNS for hostname lookup during installation

       --skip-conncheck
              Skip connection check to remote master

       --skip-schema-check
              Skip check for updated CA DS schema on the remote master

       -U, --unattended
              An unattended installation that will never prompt for user input

EXIT STATUS

       0 if the command was successful

       1 if an error occurred