netcicd S via FreeIPA-users wrote: > OK found it. > > Create a file called PKI.conf and add > ``` > [CA] > pki_random_serial_numbers_enable = True > ``` > in the dockerfile: > > COPY pki.conf /etc/pki/pki.conf > > in docker-compose under environment in IPA_SERVER_INSTALL_OPTS add: > > --pki-config-override=/etc/pki/pki.conf
I would not recommend doing this. IPA has not been tested with this and there are some known issues with it, notably in transmitting the potentially huge serial numbers in the API. We are still waiting for changes in the CA to be able to fully implement this. See https://pagure.io/freeipa/issue/2016 for some history. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure