We have some ESXi boxes that need CA-signed certs and we're
trying to figure out how to properly construct a CSR so that our IPA CA will process it.
I'm having them create the cert using these commands:
# certutil -R -d $PATH_TO_DB -a -g 2048 -s "CN=${FQDN},O=MY.NET" -i
${SHORTHOSTNAME},${FQDN}
and when I take the resulting file and try to sign it in the GUI, I get a 903 error. When
I try from the command-line, I get prompted for the principal, which might be the problem
since I'm not sure what it would be:
# ipa cert-request my.csr
Principal:
Has anyone done this, or is it never going to work since the target system isn't
actually an IPA client?
Bret Wortman
Founder, Damascus Products, LLC
855-644-2783 | bret(a)wrapbuddies.co
http://wrapbuddies.co/
70 Main St. Suite 23 Warrenton, VA 20186
Bret Wortman
Founder, Damascus Products, LLC
855-644-2783 | bret(a)wrapbuddies.co
70 Main St. Suite 23 Warrenton, VA 20186