Hello, I am trying to install FreeIPA with my own CA and certutil reject my RootCA (Certificate type not approuved for application).
The issue is when certutil verifies the RootCA with the certusage SSL CA (option -u L). My rootCA does not include sslCA in nsscertype. There is a way to install FreeIPA and change the certutil verification (option -u to A instead of L) ? I have tried multpile install: - FreeIPA with all certificates (httpd, dirsrv, kerberos), reject me with 'Certificate type not approuved for application' - FreeIPA with external-ca and update the subject, reject me with the emailAddress object - FreeIPA with no certificate options and added my ROOTCA with ipa-ca-install, reject me with 'Certificate type not approuved for application' Best regards, Joseph KERVELEC
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
