Hi all,
For a project we want to use FreeIPA with external CA.
We are using v4.6.6 on centos7.8.
The guides instruct to use command ”ipa-server-install --external-ca”, get the
CSR and run the install command again using the signed certificate.
Issue 1: key length is 2048
Fix: Found that this can be changed in file
/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py
Add under:
# CA key algorithm
# config.set("CA", "pki_ca_signing_key_size", 4096)
Issue 2: Subject DN
The subject on the certificate request is
“CN=Certificate Authority,O=[realm]”
but the root-ca requires us to have in the format:
CN=FREEIPA 2020,serialNumber=XxXx,O=xxx,C=XX
Q: Is it possible to install the FreeIPA server using the external root-ca and
a signed certificate from the beginning? (csr created outside
ipa-server-install command)
Q: Is it possible to alter the information on the certificate request to match
the root-ca’s requirements?
Thanks,
Anestis
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
