Hey folks, Would it be possible to get FreeIPA to sign an arbitrary, non IPA managed CA? Background: Before FreeIPA we enrolled our own CA for internal services and imported the CA into the browsers, which worked like a charm. Now with FreeIPA we would have to import two CAs into the browsers and would like to have the external CA as an intermediate.
It's okay to roll out a new CA & certificates. I also tried to add a 2nd CA via the web-Gui, which worked. But I could not figure out how to get that private key. So in short: The way doesn't matter. In the end I would like to have an intermediate CA, signed by FreeIPA main CA which a 10+ year validity that I can externally use. Any approach to that? Thanks, Chris. -- Christian Reiss - em...@christian-reiss.de /"\ ASCII Ribbon supp...@alpha-labs.net \ / Campaign X against HTML WEB alpha-labs.net / \ in eMails GPG Retrieval https://gpg.christian-reiss.de GPG ID ABCD43C5, 0x44E29126ABCD43C5 GPG fingerprint = 9549 F537 2596 86BA 733C A4ED 44E2 9126 ABCD 43C5 "It's better to reign in hell than to serve in heaven.", John Milton, Paradise lost.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org