On Thu, Feb 13, 2020 at 11:59:34AM +0000, lejeczek via FreeIPA-users wrote: > hi everyone, > > how, if possible at, to have IPA sing a cert sign request which is > not part of IPA's domain/realm? > > many thanks, L. > You sure can. Just add the host principal for the name you want, and use it as the subject principal. The same operator authorisation and CA ACLs enforcement is applied for every certificate request, whether the subject DNS name is within the IPA domain or not.
Cheers, Fraser _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org