Yes, that appears to be the problem.
We have not confirmed it yet with the customer, but tests we did with a test
root-ca (openssl) did show that the certificate needs to have the same order of
the DN components as the csr in order for FreeIPA to accept it.
Our tests also showed that we can
On Tue, Nov 17, 2020 at 06:21:51PM -, A. Karampatziakis via FreeIPA-users
wrote:
> Hi Fraser,
>
> Thanks for the quick reply.
> We had tried the --ca-subject before with no success..
> It turns out the problem was with the order of the components in the DN.
> Your comment helped to go
Hi Fraser,
Thanks for the quick reply.
We had tried the --ca-subject before with no success..
It turns out the problem was with the order of the components in the DN.
Your comment helped to go through the contents of the files once more. :)
The csr had:
Subject:CN = XXxXxxX YYyY,O =
On Tue, Nov 17, 2020 at 12:53:19PM -, A. Karampatziakis via FreeIPA-users
wrote:
> Hi all,
>
> For a project we want to use FreeIPA with external CA.
> We are using v4.6.6 on centos7.8.
>
> The guides instruct to use command ”ipa-server-install --external-ca”, get
> the CSR and run the