I am new to FreeIPA and am attempting to stand up my first operational 
instance.  We do have a commercial wildcard certificate 
(*.internal.example.org) that should cover the IPA server itself 
(ipa.internal.example.org).  I used the -external-CA option when running the 
setup and so a CSR was generated.  Since we have a wildcard cert, I wasn't sure 
if I really need to submit the CSR to our PKI vendor.  At the same time, it's 
not clear to me through searching documents how I would extend the CA chain.  
Do I need to submit that CSR or is there a way for me to do this on my own?

Any assistance is much appreciated.


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to