Le 12/10/2023 à 10:59, Florence Blanc-Renaud a écrit :
Hi,
If I recap everything so far:
- there is a single server, ipa3.lix.polytechnique.fr
It was part of a cluster but it is removed for the tests
- it was installed CA-less, with http and ldap certificates issued by an
external CA (C=FR, O=CNRS, CN=CNRS2-Standard), which is an intermediate CA, signed by the root CA (C=FR, O=CNRS, CN=CNRS2)
exactly
Your goal is to "replace our external CA to an Internal one", do you mean that you want IPA to act as a certificate authority, or use a different CA authority instead of C=FR, O=CNRS, CN=CNRS2-Standard ?
As I am not able to use CNRS2-Standard, I need to use a different CA authority
I thought using IPA as a certificate authority was logical (and should also be easier) but I can be wrong :-(
flo
Frederic