VMware Cloud Community
zimmermanc1
Contributor

vCenter Intermediate CA signed by FreeIPA Root CA

All,

My organization has been using Red Hat IDM (FreeIPA) as our authentication source, DNS, & CA for years. We are in the middle of a tech refresh and one of our goals is to ensure all of our services have certs signed by the FreeIPA CA. So I have been trying to figure out how to get the VMCA root certs converted to intermediate certs signed by our FreeIPA Root CA.

All of the guides I have found through googling explain how to accomplish this with a Windows CA, which appears to have far fewer constraints when issuing a cert than FreeIPA. I am hoping someone can help.

I am attempting to merge these 2 articles together to come out with a positive result.

setup-vcenter-as-subordinate-ca-and-replace-host-certificates

ipa-subordinate-ca

The error I get when trying to sign the CSR with FreeIPA is "ipa: ERROR: invalid 'csr': subject alt name type RFC822Name is forbidden for non-user principals"

Best I can tell, this error is related to the CSR's "X509v3 Subject Alternative Name", which contains the following information: email:admin@example.com, IP Address:10.10.10.50, DNS:vcsa01.example.com

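Added example, not part of the original post and not VMware or FreeIPA code: a standard-library Python check that walks a DER-encoded CSR, lists each subjectAltName entry by its GeneralName type, and picks out the rfc822Name entries that the FreeIPA error quoted above names. The function names are illustrative and the sample bytes are constructed from the SAN values given in the post.

```python
SAN_OID = bytes.fromhex("551d11")  # 2.5.29.17 subjectAltName
NAME_TYPES = {1: "rfc822Name", 2: "dNSName", 6: "URI", 7: "iPAddress"}  # RFC 5280 tags

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Decode every element inside a constructed value."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def find_san(value):
    """Depth-first search for the subjectAltName Extension; return its GeneralNames."""
    kids = children(value)
    if kids and kids[0] == (0x06, SAN_OID):
        return children(read_tlv(kids[-1][1], 0)[1])  # OCTET STRING -> SEQUENCE
    for tag, val in kids:
        found = find_san(val) if tag & 0x20 else None  # descend only into constructed
        if found is not None:
            return found
    return None

def san_entries(der):
    """Return [(type, text)] for each SAN entry in a DER CSR, [] if there is none."""
    out = []
    for tag, val in find_san(der) or []:
        kind = NAME_TYPES.get(tag & 0x1F, f"other[{tag & 0x1F}]")
        # IP bytes are shown dotted (IPv6 appears as 16 dotted bytes)
        text = ".".join(map(str, val)) if kind == "iPAddress" else val.decode("ascii", "replace")
        out.append((kind, text))
    return out

def rejected_for_non_user(entries):
    """Entries of the type named in the FreeIPA error quoted in the post."""
    return [e for e in entries if e[0] == "rfc822Name"]

def tlv(tag, body):  # short-form DER encoder, only for the constructed sample
    return bytes([tag, len(body)]) + body

# Constructed sample: skeleton request holding the post's SAN values, no key or signature.
san = tlv(0x81, b"admin@example.com") + tlv(0x87, bytes([10, 10, 10, 50])) + tlv(0x82, b"vcsa01.example.com")
attr = tlv(0x06, bytes.fromhex("2a864886f70d01090e")) + tlv(0x31, tlv(0x30, tlv(0x30, tlv(0x06, SAN_OID) + tlv(0x04, tlv(0x30, san)))))
SAMPLE_CSR = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, b"") + tlv(0xA0, tlv(0x30, attr)))
```

For a real request, convert it with `openssl req -in request.csr -outform DER -out request.der` and pass the file's bytes to `san_entries`; `rejected_for_non_user` then returns the entries to review before submitting the CSR.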