[Freeipa-users] using wildcard cert from external CA
Sean Conley - US
sconley at caci.com
Tue Nov 3 18:00:52 UTC 2015
Sorry for the redundancy but I thought it would be better to start a new thread since I am really asking a different question at this point.
We are trying to stand up an IPA instance using real certs (wildcard) for our domain, so that external users get a valid cert when coming the the https UI. I am trying to follow the steps given in this thread: https://www.redhat.com/archives/freeipa-users/2014-August/msg00338.html. It seems no matter what I do, I end up with: "full certificate chain is not present in /etc/ipa/pki/example.org.p12". Has this process been documented more completely anywhere? Is this still a valid process?
I know that there is now an -external-ca option to ipa-server-install, but I have questions about the CSR process from my CA and they are not being very responsive. I have also been told that this option would require a reseller arrangement potentially costing a lot of money... we don't want to be in the CA business... we just want our external users to be able to securely access IPA.
Thanks again in advance for any assistance.
Sean
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151103/ae7f5473/attachment.htm>
More information about the Freeipa-users
mailing list