Closed dracorp closed 2 weeks ago
I would like to use ansible playbook instead of ipa-server-install: https://frasertweedale.github.io/blog-redhat/posts/2020-01-28-freeipa-override-ca-key-size.html
I think it is needed to follow that guide also for ipaserver role:
1) Create pki_override.cfg
on the target
2) Set ipaserver_pki_config_override
in the inventory or playbook to point to the full path of the file on the target.
3) Deploy using the ipaserver role
Hi @t-woerner I missed also this ipaserver_dirsrv_cert_files and ipaserver_http_cert_files. I've created a new private key file and proper csr, with own fields. Thank you.
I'm using ansible-freeipa 1.12.1 installed on Redhat9 with external_ca option. I got a csr for IPA server but I cannot obtain certificate because of key length:
My CA rejects CSRs with "invalid" length. I need 4096 key length. How I can change this or can I supply my own csr to ansible playbook?
My playbook:
With options: