Sorry, let me back up a step. We need to implement hype everywhere. All our web 
services. And clients need to get keys&certs automatically whether through IPA 
or Puppet. These systems use IPA for everything but authentication (to keep 
most users off). I'm trying to wuss out the easiest way to make this happen 

Bret Wortman

On Jun 2, 2016, 5:31 PM -0400, Rob Crittenden<>, wrote:
> Bret Wortman wrote:
> > Is it possible to use our freeipa CA as a trusted CA to sign our
> > internal SSL certificates? Our system runs on a private network and so
> > using the usual trusted sources isn't an option. We've been using
> > self-signed, but that adds some additional complications and we thought
> > this might be a good solution.
> > 
> > Is it possible, and, since most online guides defer to "submit the CSR
> > to Verisign" or whomever, how would you go about producing one in this way?
> Not sure I understand the question. The IPA CA is also self-signed. For
> enrolled systems though at least the CA is pre-distributed so maybe that
> will help.
> rob
Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to