Greetings, During installation process I used following pki_override.cfg file
[DEFAULT] pki_admin_key_algorithm=SHA512withRSA pki_admin_key_size=8192 pki_audit_signing_key_algorithm=SHA512withRSA pki_audit_signing_key_size=8192 pki_audit_signing_key_type=rsa pki_audit_signing_signing_algorithm=SHA512withRSA pki_ssl_server_key_algorithm=SHA512withRSA pki_ssl_server_key_size=8192 pki_sslserver_signing_algorithm=SHA512withRSA pki_subsystem_key_algorithm=SHA512withRSA pki_subsystem_signing_algorithm=SHA512withRSA pki_subsystem_key_size=8192 [CA] pki_ca_signing_key_size=8192 pki_ca_signing_key_algorithm=SHA512withRSA pki_ca_signing_signing_algorithm=SHA512withRSA pki_ocsp_signing_key_algorithm=SHA512withRSA pki_ocsp_signing_key_size=8192 pki_ocsp_signing_signing_algorithm=SHA512withRSA [KRA] pki_storage_key_algorithm=SHA512withRSA pki_storage_key_size=8192 pki_storage_signing_algorithm=SHA512withRSA pki_transport_key_algorithm=SHA512withRSA pki_transport_key_size=8192 pki_transport_signing_algorithm=SHA512withRSA [OCSP] pki_ocsp_signing_key_algorithm=SHA512withRSA pki_ocsp_signing_key_size=8192 pki_ocsp_signing_signing_algorithm=SHA512hRSA This lead to the following error when I'm trying to add subCA Request failed with status 400: Non-2xx response from CA REST API: 400. Failed to issue CA certificate. Final status: rejected. Additional info: Key Parameters 1024,2048,3072,4096,nistp256,nistp384,nistp521 Not Matched By default we have three certificate profiles caIPAserviceCert, KDCs_PKINIT_Certs, IECUserRoles but changing them does not fix this error. Could you please tell me where I can find a subCA certificate template? Regards, Alex Ivanov.
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
