Package installation:
# subscription-manager register
# subscription-manager release --set 8.3
# subscription-manager repos --enable=rhel-8-for-x86_64-baseos-rpms
# subscription-manager repos --enable=rhel-8-for-x86_64-appstream-rpms
# yum module enable idm:DL1
# yum distro-sync
# yum module install idm:DL1/{server,client,adtrust}
OpenSSL certificate creation:
openssl genrsa -out rootCA.key 4096
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt
openssl genrsa -out ipaserv.key 2048
openssl req -new -sha256 -key ipaserv.key -subj "/C=xx/ST=xx/O=xxx, Inc./CN=<hostname>" -out ipaserv.csr
openssl x509 -req -in ipaserv.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out ipaserv.crt -days 500 -sha256
IPA installation:
ipa-server-install \
--http-cert-file ipaserv.crt \
--http-cert-file ipaserv.key \
--dirsrv-cert-file ipaserv.crt \
--dirsrv-cert-file ipaserv.key \
--ca-cert-file rootCA.crt \
--no-pkinit
(during install, choose no for BIND installation)
(at the end of the successful installation, it will create a DNS zone file in /tmp/. Copy the content)
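Added example (not part of the original notes): a pre-flight check of the files produced in the OpenSSL step, run before ipa-server-install, confirming that ipaserv.crt chains to rootCA.crt, that ipaserv.key is its private key, and that it is not about to expire. The helper function names, the 2048-bit sample keys and the example.test names are assumptions made for the sample.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files given to ipa-server-install.
# Function names are hypothetical helpers, not part of IPA or OpenSSL.

# Succeeds only if CERT chains to CA_CERT.
check_chain() {        # usage: check_chain CA_CERT CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if KEY is the private key for the public key in CERT.
check_keypair() {      # usage: check_keypair CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if CERT is still valid DAYS days from now.
check_not_expiring() { # usage: check_not_expiring CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Constructed sample: throwaway CA and server certificate built with the same
# commands as the page (2048-bit keys and example.test names are assumptions),
# plus an unrelated key for the negative case.
make_sample() {        # usage: make_sample DIR
    ( cd "$1" &&
      openssl genrsa -out rootCA.key 2048 &&
      openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 \
          -subj "/O=Example Test/CN=Example Test Root CA" -out rootCA.crt &&
      openssl genrsa -out ipaserv.key 2048 &&
      openssl req -new -sha256 -key ipaserv.key \
          -subj "/O=Example Test/CN=ipa.example.test" -out ipaserv.csr &&
      openssl x509 -req -in ipaserv.csr -CA rootCA.crt -CAkey rootCA.key \
          -CAcreateserial -out ipaserv.crt -days 500 -sha256 &&
      openssl genrsa -out other.key 2048
    ) >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_chain "$demo_dir/rootCA.crt" "$demo_dir/ipaserv.crt" && echo "chain: OK"
check_keypair "$demo_dir/ipaserv.crt" "$demo_dir/ipaserv.key" && echo "key pair: OK"
check_keypair "$demo_dir/ipaserv.crt" "$demo_dir/other.key" || echo "other.key: rejected"
check_not_expiring "$demo_dir/ipaserv.crt" 30 && echo "expiry: OK"
rm -rf "$demo_dir"
```

Against real files, call the three check functions with the paths to rootCA.crt, ipaserv.crt and ipaserv.key instead of the sample directory.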