William Graboyes wrote: > Hi List, > > I am having yet another issue, when I run the following command: > ipa-cacert-manage renew --external-ca > > It does output the CSR, however the CN is not a valid name > (Certificate Authority). Is it possible to change the output of this > command to use an external CA that requires a proper common name to be > in the CSR? > > What I am trying to do is change from the internal self signed certs > to an external CA signing system. >
What isn't valid about the name? This would make the IPA CA a subordinate of the external CA. Is that what you want? rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project