Yeah, after I sent this email, I realized what I was trying to do and that, "Oh wait, this is not really going to work."

For what it is worth - version on RHEL 7.3 - 4.4.0-14.el7_3.7


On 5/2/17 11:04 AM, Rob Crittenden wrote:
Kat wrote:
Hi all,

I am somewhat confused trying to get the process of using an external
cert for IPA.

If I follow step 1:
ipa-server-install -a Secret123 -p Secret123 -r EXAMPLE.COM
--external-ca -U

This does indeed generate a CSR, but trying to do anything with this CSR
has no success since it is not properly formed with all info.  In
otherwords, ipa does not add country, state, location, etc. If I submit
this CSR to any cert company, it will of course, complain. Is there a
way to get this right? Or am I just missing something here?

What cert company are you trying to get to sign this? This is a CA cert,
I don't know that any of the major ones will sign this, at least not
without a huge check.

What version of IPA?


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to