Hello, I am new to FreeIPA and am attempting to stand up my first operational instance. We do have a commercial wildcard certificate (*.internal.example.org) that should cover the IPA server itself (ipa.internal.example.org). I used the -external-CA option when running the setup and so a CSR was generated. Since we have a wildcard cert, I wasn't sure if I really need to submit the CSR to our PKI vendor. At the same time, it's not clear to me through searching documents how I would extend the CA chain. Do I need to submit that CSR or is there a way for me to do this on my own?
Any assistance is much appreciated. Sean
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project