On 09/09/2019 01:07, Fraser Tweedale wrote: > On Fri, Sep 06, 2019 at 12:01:23PM +0100, lejeczek via FreeIPA-users wrote: >> hi guys, >> >> how to manage those? >> >> Why are these missing in "standard" IPA installations and how to get >> them in? >> >> many thanks, L. >> > Do you mean in the IPA CA certificate, or in the end-entity > certificates? > > If the CA certificate, use the --ca-subject option to specify the > full subject DN you desire. Note that you can only do this upon > installation; there is no way to change the subject of the CA after > installation.
Yes, I learned that bit in the meanwhile, I think on your blog. Will it ever be possible to change CA's cert after installation at any time? many thanks, L. > > For end-entity certificates, upon installation you can use the > --subject-base option to specify the desired "subject base DN", to > which the Common Name (CN) will be appended. For existing > installations you can use the 'ipa certprofile-*' commands to import > or modify profile configurations. You will want to tweak the > configuration of the 'subjectNameDefaultImpl' component to put > include the desired attributes. > > Cheers, > Fraser
pEpkey.asc
Description: application/pgp-keys
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
