Enrolling Server Certificate - dogtagpki/freeipa GitHub Wiki
To generate a CSR:
$ pki nss-cert-request \ --subject "CN=$HOSTNAME" \ --ext /usr/share/pki/server/certs/sslserver.conf \ --csr sslserver.csr
To inspect the CSR:
$ openssl req -text -noout -in sslserver.csr
To issue a certificate:
$ ipa cert-request --principal=HTTP/$HOSTNAME sslserver.csr
To retrieve the certificate:
$ ipa cert-show <serial number> --out=sslserver.crt
To inspect the certificate:
$ openssl x509 -text -noout -in sslserver.crt