Hey folks,
Would it be possible to get FreeIPA to sign an arbitrary, non IPA
managed CA? Background: Before FreeIPA we enrolled our own CA for
internal services and imported the CA into the browsers, which worked
like a charm. Now with FreeIPA we would have to import two CAs into the
browsers and would like to have the external CA as an intermediate.
It's okay to roll out a new CA & certificates.
I also tried to add a 2nd CA via the web-Gui, which worked. But I could
not figure out how to get that private key.
So in short: The way doesn't matter. In the end I would like to have an
intermediate CA, signed by FreeIPA main CA which a 10+ year validity
that I can externally use.
Any approach to that?
Thanks,
Chris.
--
Christian Reiss - email(a)christian-reiss.de /"\ ASCII Ribbon
support(a)alpha-labs.net \ / Campaign
X against HTML
WEB
alpha-labs.net / \ in eMails
GPG Retrieval
https://gpg.christian-reiss.de
GPG ID ABCD43C5, 0x44E29126ABCD43C5
GPG fingerprint = 9549 F537 2596 86BA 733C A4ED 44E2 9126 ABCD 43C5
"It's better to reign in hell than to serve in heaven.",
John Milton, Paradise lost.