Fraser Tweedale
>> Sent: Sunday, June 19, 2022 11:34 PM
>> To: Charles Hedrick ; Rob Crittenden via FreeIPA-users
>>
>> Cc: Rob Crittenden
>> Subject: Re: [Freeipa-users] Re: ipa-server-certinstall -k
>>
>> On Wed, Jun 15, 2022 at 04:23:30PM -0400,
will not include that either.
>
> Thanks,
> Fraser
>
>>
>> From: Fraser Tweedale
>> Sent: Sunday, June 19, 2022 11:34 PM
>> To: Charles Hedrick ; Rob Crittenden via FreeIPA-users
>>
>> Cc: Rob Crittenden
>>
lue. But public
CAs will not include that either.
Thanks,
Fraser
>
> From: Fraser Tweedale
> Sent: Sunday, June 19, 2022 11:34 PM
> To: Charles Hedrick ; Rob Crittenden via FreeIPA-users
>
> Cc: Rob Crittenden
> Subject: Re: [Freeipa-u
it.
From: Fraser Tweedale
Sent: Sunday, June 19, 2022 11:34 PM
To: Charles Hedrick ; Rob Crittenden via FreeIPA-users
Cc: Rob Crittenden
Subject: Re: [Freeipa-users] Re: ipa-server-certinstall -k
On Wed, Jun 15, 2022 at 04:23:30PM -0400, Rob Crittenden via FreeIPA-users
wrote:
> Char
On Wed, Jun 15, 2022 at 04:23:30PM -0400, Rob Crittenden via FreeIPA-users
wrote:
> Charles Hedrick via FreeIPA-users wrote:
> > the error is
> >
> > The KDC certificate in cert.pem, privkey.pem is not valid: invalid for a KDC
>
> A PKINIT certificate needs an EKU extension,
>
Charles Hedrick via FreeIPA-users wrote:
> the error is
>
> The KDC certificate in cert.pem, privkey.pem is not valid: invalid for a KDC
A PKINIT certificate needs an EKU extension,
https://datatracker.ietf.org/doc/html/rfc4556
When generating the key with OpenSSL you need to include
the error is
The KDC certificate in cert.pem, privkey.pem is not valid: invalid for a KDC
From: Charles Hedrick via FreeIPA-users
Sent: Wednesday, June 15, 2022 3:39 PM
To: freeipa-users@lists.fedorahosted.org
Cc: Charles Hedrick
Subject: [Freeipa-users]
