[Freeipa-users] Replica with external ca + custom subject in certificate
Martin Kosek
mkosek at redhat.com
Tue Apr 7 10:51:35 UTC 2015
On 04/03/2015 11:39 AM, James James wrote:
> Hello,
>
> I want to initialize a new replica with an external CA. My Certificate
> Authority wants a CSR with the field emailAddress in the subject like :
>
> /C=FR/O=TESTO/OU=TESTOU/CN=*.example.com/emailAddress=none at none.com
I am not a bit confused. Do you plan to have FreeIPA *without* a CA or with own
CA signed by external CA?
FreeIPA supports these kinds of setups right now:
http://www.freeipa.org/page/PKI#Blending_in_PKI_infrastructure
> How can I do with the ipa-server-install command ? I have been trying for
> few days but I still can't.
>
> Thanks for your help.
CCing Honza who should know the definitive answer. However, FreeIPA was not
very flexible in configuring special subjects for it's CA certificate (i.e.
cn=Certificate Authority, ou=...) or hosts in case of CA-less setup.
More information about the Freeipa-users
mailing list