we're building IPAs in an automated fashion, for environments that get created and destroyed a lot. At the moment, the CA certs used inside these IPAs are self-signed, as part of the normal "ipa-server-install" setup process.

We would like to switch to issuing signed intermediate CA certs to the IPAs we deploy.

The documentation lists the two part process necessary for this. First "--external-ca" - and then "--external-cert-file"

Are there any ways to skip this, and give the setup process a known public/private key+cert up front? I'm hoping to avoid the need to have to use/send this automatically generated CSR every time.


James M

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to