Thank you.

> I personally haven't done this, but from
> "when --external-ca option is used, ipa-server-install produces a
certificate certificate request for it's CA certificate so that it can be
properly chained in existing PKI infrastructure."

Is anyone here been successful in getting external CA to sign this kind of
certificate?  I have just tried to convince DigiCert for 2 days that there
is no harm issuing this kind of certificate as long us it's restricted to
one domain without success.

Which external CA would be more open to signing this kind of certificate?

Lastly, would there be any harm enrolling IPA clients to this server before
feeding it the signed certificate ?


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to