[Freeipa-users] External cert with correct CSR?
Rob Crittenden
rcritten at redhat.com
Tue May 2 16:04:41 UTC 2017
Kat wrote:
> Hi all,
>
> I am somewhat confused trying to get the process of using an external
> cert for IPA.
>
> If I follow step 1:
> ipa-server-install -a Secret123 -p Secret123 -r EXAMPLE.COM
> --external-ca -U
>
> This does indeed generate a CSR, but trying to do anything with this CSR
> has no success since it is not properly formed with all info. In
> otherwords, ipa does not add country, state, location, etc. If I submit
> this CSR to any cert company, it will of course, complain. Is there a
> way to get this right? Or am I just missing something here?
>
What cert company are you trying to get to sign this? This is a CA cert,
I don't know that any of the major ones will sign this, at least not
without a huge check.
What version of IPA?
rob
More information about the Freeipa-users
mailing list