How are you issuing the certs for the clients? Are they signed by the same
certificate chain that signed the IPA certificate? Did you install the CA
certificate chain as trusted CA on the clients?
On Thu, Jul 13, 2017 at 2:27 AM, Jeff Fouchard via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
We are in the process of switching to using an external CA. We have
successfully gone through he process and indeed the Web UI now shows the
expected certificate chain.
However when we issue certificates to our clients downstream they are
using a signing certificate that was not issued by the new external CA.
I've tried to find in the documentation how that gets set, but seem to be
at a loss. Can anyone point me in the correct direction?
Thanks!
Jeff
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org