Provided by: freeipa-server_4.3.1-0ubuntu1_amd64 
NAME
ipa-ca-install - Install a CA on a server
SYNOPSIS
ipa-ca-install [OPTION]... [replica_file]
DESCRIPTION
Adds a CA as an IPA-managed service. This requires that the IPA server is already
installed and configured.
The replica_file is created using the ipa-replica-prepare utility and should be the same
one used when originally installing the replica.
Alternatively, you can run ipa-ca-install without replica_file to upgrade from CA-less to
CA-full.
OPTIONS
-d, --debug Enable debug logging when more verbose output is needed
-p DM_PASSWORD, --password=DM_PASSWORD
Directory Manager (existing master) password
-w ADMIN_PASSWORD, --admin-password=ADMIN_PASSWORD
Admin user Kerberos password used for connection check
--external-ca
Generate a CSR for the IPA CA certificate to be signed by an external CA.
--external-ca-type=TYPE
Type of the external CA. Possible values are "generic", "ms-cs". Default value is
"generic". Use "ms-cs" to include template name required by Microsoft Certificate
Services (MS CS) in the generated CSR.
--external-cert-file=FILE
File containing the IPA CA certificate and the external CA certificate chain. The
file is accepted in PEM and DER certificate and PKCS#7 certificate chain formats.
This option may be used multiple times.
--ca-signing-algorithm=ALGORITHM
Signing algorithm of the IPA CA certificate. Possible values are SHA1withRSA,
SHA256withRSA, SHA512withRSA. Default value is SHA256withRSA. Use this option with
--external-ca if the external CA does not support the default signing algorithm.
--no-host-dns
Do not use DNS for hostname lookup during installation
--skip-conncheck
Skip connection check to remote master
--skip-schema-check
Skip check for updated CA DS schema on the remote master
-U, --unattended
An unattended installation that will never prompt for user input
EXIT STATUS
0 if the command was successful
1 if an error occurred