[Freeipa-users] Replica with external ca + custom subject in certificate
James James
jreg2k at gmail.com
Tue Apr 7 11:44:23 UTC 2015
ok.
Is there a way to migrate from an external CA to a CA-less or a self-signed
CA ?
2015-04-07 12:51 GMT+02:00 Martin Kosek <mkosek at redhat.com>:
> On 04/03/2015 11:39 AM, James James wrote:
> > Hello,
> >
> > I want to initialize a new replica with an external CA. My Certificate
> > Authority wants a CSR with the field emailAddress in the subject like :
> >
> > /C=FR/O=TESTO/OU=TESTOU/CN=*.example.com/emailAddress=none at none.com
>
> I am not a bit confused. Do you plan to have FreeIPA *without* a CA or
> with own
> CA signed by external CA?
>
> FreeIPA supports these kinds of setups right now:
> http://www.freeipa.org/page/PKI#Blending_in_PKI_infrastructure
>
> > How can I do with the ipa-server-install command ? I have been trying
> for
> > few days but I still can't.
> >
> > Thanks for your help.
>
> CCing Honza who should know the definitive answer. However, FreeIPA was not
> very flexible in configuring special subjects for it's CA certificate (i.e.
> cn=Certificate Authority, ou=...) or hosts in case of CA-less setup.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150407/62856de0/attachment.htm>
More information about the Freeipa-users
mailing list