Peter Tselios via FreeIPA-users wrote:
Thanks John.
It would be nice to create the certificate from the FreeIPA without any external tool
though :(
A certificate has two keys, a public and a private key.
You need to generate the private key somewhere. It is best practice to
generate the key where it will be used and never transport it. IPA
enforces this by not providing a way for the IPA server to generate the
private key for you.
Look at most every public CA and there is a big text box where you paste
a CSR.
rob