We're trying to set up OpenDirectory. It seems to want to create its own CA, and then an intermediate CA with a certificate signed by its own CA. I'd prefer to generate an intermediate CA certificate from our existing internal CA and have it use that instead. This would have several benefits (existing CA cert is already distributed to machines, so no need to click to trust new certs when joining client to OD, for starters).
However, I can't find any config for this certificate, nor any reference to any other way of doing it.
Is this a reasonable thing to try to do, and if so how do I do it?