lejeczek via FreeIPA-users wrote: > > > On 26/07/2023 14:32, Rob Crittenden wrote: >> lejeczek via FreeIPA-users wrote: >>> Hi guys. >>> >>> Is it possible IPA output format (when rendered into files) is _pkcs_, >>> for both keys & certs? >>> Being not a security/cryptography expert thus unable to put it into >>> better words - format/container which works with/in Java? >>> Like when: >>> -> $ openssl pkcs8 ... -topk8 -nocrypt -v1 PBE-SHA1-3DES .. >> In what context? Except for those services that IPA uses itself it has >> no access to the private key so this would be an exercise for the >> end-user. >> >> certmonger owns certificates and keys end-to-end but it only supports >> PEM files and NSS databases. >> >> rob >> > apologies, yes, in context of 'service' certificates. so "external" to > IPA, eg.: ipa-getcert ...
You could try creating a post-command script to do whatever conversion you need. By the time that is triggered the cert is issued and on-disk. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
