On 16.9.2013 01:20, Andrew Lau wrote:
On Mon, Sep 16, 2013 at 4:23 AM, Dmitri Pal <[email protected]
<mailto:[email protected]>> wrote:
On 09/14/2013 04:00 AM, Andrew Lau wrote:
Hi,
I have a reverse proxy infront of many of my hosts, each of the
virtual hosts have their own SSL cert, currently with FreeIPA I'm
adding hosts for each virtual host and then creating a cert.
From what I've found, it doesn't seem to be possible to do a
wildcard ssl through FreeIPA, I tried exporting the ca root
private key to manually sign a wildcard cert with no success. I
may have done that wrong.
Any suggestions?
Is this what you are looking for?
https://fedorahosted.org/freeipa/ticket/3475
It is currently on a distant roadmap but help always welcome.
Thanks,
Andrew
_______________________________________________
Freeipa-users mailing list
[email protected] <mailto:[email protected]>
https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/ <http://www.redhat.com/carveoutcosts/>
_______________________________________________
Freeipa-users mailing list
[email protected] <mailto:[email protected]>
https://www.redhat.com/mailman/listinfo/freeipa-users
Yeah.
Is there any way of manually doing that now by pulling the root ca and
key out to sign a cert?
You can do it manually via Dogtag.
First, import the client cert from /root/ca-agent.p12 found on your IPA
server to your web browser.
Then, navigate your web browser to
https://ipaserver:8443/ca/ee/ca/profileSelect?profileId=caServerCert,
paste the wildcard CSR in the form and submit it.
Then, navigate your web browser to
https://ipaserver:8443/ca/agent/ca/listRequests.html, find your request
and approve it. This should give you the signed certificate.
Honza
--
Jan Cholasta
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
