On Fri, Sep 06, 2019 at 12:01:23PM +0100, lejeczek via FreeIPA-users wrote: > hi guys, > > how to manage those? > > Why are these missing in "standard" IPA installations and how to get > them in? > > many thanks, L. > Do you mean in the IPA CA certificate, or in the end-entity certificates?
If the CA certificate, use the --ca-subject option to specify the full subject DN you desire. Note that you can only do this upon installation; there is no way to change the subject of the CA after installation. For end-entity certificates, upon installation you can use the --subject-base option to specify the desired "subject base DN", to which the Common Name (CN) will be appended. For existing installations you can use the 'ipa certprofile-*' commands to import or modify profile configurations. You will want to tweak the configuration of the 'subjectNameDefaultImpl' component to put include the desired attributes. Cheers, Fraser _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
