On 07/12/2017 12:50 PM, John Morris via FreeIPA-users wrote:
Is it possible to use certmonger to request a cert from a FreeIPA
sub-CA?  What is the `ipa-getcert request` command-line usage for that?

The certmonger man-pages seem to indicate the `ipa-getcert request -X
ISSUER` argument.  However I've been unable to find usage examples, and
using neither the ipa sub-CA's name nor subject DN for ISSUER seem to work.

I'm not sure what changed, but the `-X sub-CA-name` arg started working suddenly. Very nice!

Sadly, the `-F ca-cert-file-path` arg only gets the top-level CA cert, and not the sub-CA cert. But that can be worked around. Thanks-

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to