Thank you Fraser - you hit the nail on the head! I had used openssl to create my Root CA and then an Intermediate CA following the guides at: https://jamielinux.com/docs/openssl-certificate-authority/ In that guide the extension for the intermediate is for pathlen:0 so I either need to change that to 1 or to sign the FreeIPA CSR using the Root certificate I generated with openssl. basicConstraints = critical, CA:true, pathlen:0
Many thanks for your help and I hope this questions helps someone in future. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org