Sorry for the redundancy but I thought it would be better to start a new thread 
since I am really asking a different question at this point.

We are trying to stand up an IPA instance using real certs (wildcard) for our 
domain, so that external users get a valid cert when coming the the https UI.  
I am trying to follow the steps given in this thread:  It 
seems no matter what I do, I end up with: "full certificate chain is not 
present in /etc/ipa/pki/".  Has this process been documented 
more completely anywhere?  Is this still a valid process?

I know that there is now an -external-ca option to ipa-server-install, but I 
have questions about the CSR process from my CA and they are not being very 
responsive.  I have also been told that this option would require a reseller 
arrangement potentially costing a lot of money...  we don't want to be in the 
CA business...  we just want our external users to be able to securely access 

Thanks again in advance for any assistance.


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to