We have some ESXi boxes that need CA-signed certs and we're trying to figure out how to properly construct a CSR so that our IPA CA will process it.

I'm having them create the cert using these commands:

# certutil -R -d $PATH_TO_DB -a -g 2048 -s "CN=${FQDN},O=MY.NET" -i ${SHORTHOSTNAME},${FQDN}

and when I take the resulting file and try to sign it in the GUI, I get a 903 error. When I try from the command-line, I get prompted for the principal, which might be the problem since I'm not sure what it would be:

# ipa cert-request my.csr
Principal:

Has anyone done this, or is it never going to work since the target system isn't actually an IPA client?

Bret Wortman
Founder, Damascus Products, LLC

855-644-2783 | bret@wrapbuddies.co

http://wrapbuddies.co/

70 Main St. Suite 23 Warrenton, VA 20186
