[Freeipa-users] External cert with correct CSR?
Kat
uncommonkat at gmail.com
Tue May 2 16:10:12 UTC 2017
Yeah, after I sent this email, I realized what I was trying to do and
that, "Oh wait, this is not really going to work."
For what it is worth - version on RHEL 7.3 - 4.4.0-14.el7_3.7
-K
On 5/2/17 11:04 AM, Rob Crittenden wrote:
> Kat wrote:
>> Hi all,
>>
>> I am somewhat confused trying to get the process of using an external
>> cert for IPA.
>>
>> If I follow step 1:
>> ipa-server-install -a Secret123 -p Secret123 -r EXAMPLE.COM
>> --external-ca -U
>>
>> This does indeed generate a CSR, but trying to do anything with this CSR
>> has no success since it is not properly formed with all info. In
>> otherwords, ipa does not add country, state, location, etc. If I submit
>> this CSR to any cert company, it will of course, complain. Is there a
>> way to get this right? Or am I just missing something here?
>>
> What cert company are you trying to get to sign this? This is a CA cert,
> I don't know that any of the major ones will sign this, at least not
> without a huge check.
>
> What version of IPA?
>
> rob
>
More information about the Freeipa-users
mailing list