[Freeipa-users] --external-ca is a bit confusing.
Dmitri Pal
dpal at redhat.com
Thu Feb 21 08:30:45 UTC 2013
On 02/20/2013 10:20 PM, Kendrick . wrote:
> I am trying to get cacert to sign the csr. I have tried searching
> about it and cant figure out what is what. some information i have
> found suggests it wont be possible.
>
> when I go to get the csr signed i get
>
> "The following hostnames were rejected because the system couldn't
> link them to your account, if they are valid please verify the domains
> against your account.
> Rejected: Certificate Authority
> <https://www.cacert.org/account.php?id=7&newdomain=Certificate%20Authority>"
>
>
> I would prefer my certificates to be valid on the internet as some of
> the user certs would be used to sign emails and such. any advice
> would be appriciated.
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
Can you please be more specific about what you are doing?
The linking to the external CA is one time operation during the initial
installation.
If you want to use the IPA as a subordinate CA you need to specify a
flag during installation (it seems that you are doing that based on the
comments above). The installation will stop indicating that you need to
take CSR and sign by the external CA. So you should take the CSR and
sign. Then you present the result back to IPA and continue the installation.
Based on the description above it is not clear which step is failing.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130221/acd30cac/attachment.htm>
More information about the Freeipa-users
mailing list