Hi all,
For a project we want to use FreeIPA with external CA. We are using v4.6.6 on centos7.8.
The guides instruct to use command” ipa-server-install --external-ca”, get the CSR and run the install command again using the signed certificate.
Issue 1: key length is 2048 Fix: Found that this can be changed in file /usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py
* Add under:
# CA key algorithm # config.set("CA", "pki_ca_signing_key_size", 4096)
Issue 2: Subject DN The subject on the certificate request is “CN=Certificate Authority,O=[realm]” but the root-ca requires us to have in the format: CN=FREEIPA 2020,serialNumber=XxXx,O=xxx,C=XX
Q: Is it possible to install the FreeIPA server using the external root-ca and signed certificate from the beginning?
Q: Is it possible to alter the information on the certificate request to match the root-ca’s requirements?
Thanks, Anestis
freeipa-users@lists.fedorahosted.org