[Freeipa-users] PKI signing certificate question
William Muriithi
william.muriithi at gmail.com
Fri Jul 29 20:27:16 UTC 2016
Clark,
Thank you.
> I personally haven't done this, but from https://www.freeipa.org/page/PKI
>
> "when --external-ca option is used, ipa-server-install produces a
certificate certificate request for it's CA certificate so that it can be
properly chained in existing PKI infrastructure."
>
Is anyone here been successful in getting external CA to sign this kind of
certificate? I have just tried to convince DigiCert for 2 days that there
is no harm issuing this kind of certificate as long us it's restricted to
one domain without success.
Which external CA would be more open to signing this kind of certificate?
Lastly, would there be any harm enrolling IPA clients to this server before
feeding it the signed certificate ?
Regards
William
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160729/e6d7f58a/attachment.htm>
More information about the Freeipa-users
mailing list