Oliver Burtchen wrote:
Is it possible to use an already configured and running dogtag-instance for
freeipa V2 in the installation process? I would like to give
ipa-server-install just the params for the dogtag-instance/server to use, and
skip its own creation-process (pkisilence ...).
Or are there arguments for an extra CA used by freeipa?
Background: I customized dogtag for my needs (using SHA256, default to 10 year
validity of ca-SigningCert, organization and location defaults, etc.).

Probably the best way to do it would be to use the external CA install
option (--external-ca). This is a two-step installation process. The
first step generates a CSR for the IPA CA. You take this CSR to your
existing CA and issue a subordinate CA certificate that will be used by
IPA. Then you continue the IPA Installation and it sets up a separate
dogtag instance with this subordinate CA.
It might be possible to wedge in an existing dogtag install into IPA in
another way but I haven't yet tried it.
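
Between the two installer runs described above, the existing CA has to return a certificate that really is a subordinate CA certificate. The script below is an added example, not part of the original thread or of FreeIPA: it checks a returned certificate for CA:TRUE, a SHA-256 signature and a valid chain before it is handed to the second step. The file names, subjects and the openssl-built root standing in for the existing CA are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example. File names and subjects are constructed; an openssl root
# stands in for the existing CA (assumption: openssl is installed).

# check_sub_ca CERT CA_FILE
# Succeeds only if CERT is a CA certificate, is SHA-256 signed,
# and chains to CA_FILE.
check_sub_ca() {
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    printf '%s\n' "$text" | grep -q 'CA:TRUE' ||
        { echo "$1: basicConstraints is not CA:TRUE" >&2; return 1; }
    printf '%s\n' "$text" | grep -q 'Signature Algorithm: sha256' ||
        { echo "$1: not signed with SHA-256" >&2; return 1; }
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 ||
        { echo "$1: does not chain to $2" >&2; return 1; }
}

# make_demo_certs DIR: build constructed test material in DIR.
make_demo_certs() {
    d=$1
    # Constructed root, standing in for the existing CA.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj '/O=EXAMPLE.TEST/CN=Existing CA' \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
    # Constructed CSR, standing in for the one step one generates.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj '/O=EXAMPLE.TEST/CN=Certificate Authority' \
        -keyout "$d/sub.key" -out "$d/ipa.csr" 2>/dev/null || return 1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$d/ca.ext"
    # Issued as a subordinate CA with SHA-256.
    openssl x509 -req -in "$d/ipa.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -sha256 -days 30 -extfile "$d/ca.ext" \
        -out "$d/ipa.crt" 2>/dev/null || return 1
    # Same CSR issued without CA extensions (deliberately wrong).
    openssl x509 -req -in "$d/ipa.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -sha256 -days 30 -out "$d/leaf.crt" 2>/dev/null || return 1
}

tmp=$(mktemp -d)
make_demo_certs "$tmp" || exit 1
check_sub_ca "$tmp/ipa.crt" "$tmp/root.crt" && echo "ipa.crt: ok"
check_sub_ca "$tmp/leaf.crt" "$tmp/root.crt" 2>/dev/null || echo "leaf.crt: rejected"
```

With a real deployment, only `check_sub_ca` is needed: pass it the certificate the existing CA issued and that CA's certificate file.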