On 04/03/2015 11:39 AM, James James wrote: > Hello, > > I want to initialize a new replica with an external CA. My Certificate > Authority wants a CSR with the field emailAddress in the subject like : > > /C=FR/O=TESTO/OU=TESTOU/CN=*.example.com/emailAddress=n...@none.com
I am not a bit confused. Do you plan to have FreeIPA *without* a CA or with own CA signed by external CA? FreeIPA supports these kinds of setups right now: http://www.freeipa.org/page/PKI#Blending_in_PKI_infrastructure > How can I do with the ipa-server-install command ? I have been trying for > few days but I still can't. > > Thanks for your help. CCing Honza who should know the definitive answer. However, FreeIPA was not very flexible in configuring special subjects for it's CA certificate (i.e. cn=Certificate Authority, ou=...) or hosts in case of CA-less setup. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project