Chapter 27. Adding the IdM CA service to an IdM server in a deployment with a CA

If your Identity Management (IdM) environment already has the IdM certificate authority (CA) service installed but a particular IdM server, idmserver, was installed as an IdM replica without a CA, you can add the CA service to idmserver by using the ipa-ca-install command.


This procedure is identical for both of the following scenarios:

  • The IdM CA is a root CA.
  • The IdM CA is subordinate to an external, root CA.


Prerequisites

  • You have root permissions on idmserver.
  • The IdM server is installed on idmserver.
  • Your IdM deployment has a CA installed on another IdM server.
  • You know the IdM Directory Manager password.


Procedure

  • On idmserver, install the IdM Certificate Server CA:

    [root@idmserver ~]# ipa-ca-install
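
The following pre-flight check is an added example, not part of the original procedure or Red Hat's own tooling. It confirms two of the prerequisites above (idmserver has no CA yet, and another IdM server does) by parsing the listing printed by `ipa server-role-find --role "CA server"`. The host names and the sample listing are constructed, and the listing layout is assumed to match your IdM version.

```shell
#!/bin/sh
# Constructed sample of `ipa server-role-find --role "CA server"` output.
SAMPLE_ROLES='  Server name: server.idm.example.com
  Role name: CA server
  Role status: enabled

  Server name: idmserver.idm.example.com
  Role name: CA server
  Role status: absent'

# Print the "Role status" recorded for host $1 in the role listing on stdin.
# Exits non-zero if the host does not appear in the listing at all.
ca_role_status() {
    awk -v host="$1" '
        /Server name:/ { cur = $NF }
        /Role status:/ && cur == host { print $NF; found = 1 }
        END { exit !found }'
}

# ca_install_needed HOST LISTING
# 0 = HOST has no CA and another server has one (ipa-ca-install applies)
# 1 = HOST already carries the CA role
# 2 = HOST is not a known IdM server
# 3 = no other server has an enabled CA (prerequisite not met)
ca_install_needed() {
    _host=$1
    _roles=$2
    role_status=$(printf '%s\n' "$_roles" | ca_role_status "$_host") || return 2
    [ "$role_status" = "absent" ] || return 1
    printf '%s\n' "$_roles" | awk -v host="$_host" '
        /Server name:/ { cur = $NF }
        /Role status: enabled/ && cur != host { ok = 1 }
        END { exit !ok }' || return 3
}

# Demonstration against the constructed sample.
if ca_install_needed idmserver.idm.example.com "$SAMPLE_ROLES"; then
    echo "CA role absent on idmserver and present elsewhere: ipa-ca-install applies"
fi

# Live use on idmserver (needs a valid Kerberos ticket for an IdM admin):
#   roles=$(ipa server-role-find --role "CA server")
#   ca_install_needed "$(hostname -f)" "$roles" && ipa-ca-install
```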