On 09/10/2014 07:57 PM, William Graboyes wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi Dmitri,
Production Environment is going to be RH 6.5, We are still evaluating
the usage of systemd. More like we are taking a wait and see approach
to to systemd, while actively testing it.
The command line options for chaining are there from day one.
So you would need to chain your production environment when you deploy it.
In future when you migrate to later versions (in couple of years or so)
you will be able to change the chaining using the new tools. Right now
it is a vary hard multi step manual procedure. This is why we developed
the tool.
But you should be all set for now. You would not need to change anything
for several years.
Thanks
Dmitri
Thanks,
Bill
On Wed Sep 10 16:49:24 2014, Dmitri Pal wrote:
On 09/10/2014 07:26 PM, William Graboyes wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi Chris,
Thank you for the suggestion. Looking at
http://www.redhat.com/archives/freeipa-users/2014-August/msg00334.html
Installing a new, third party cert requires a reinstall of IPA? IPA
Devs, that is a bit silly don't you think? A year or two in the cert
expires, now you have to start from scratch? I will wait for some form
of response before I attempt at eating crow in front of management.
I forgot to mention, free-ipa version ipa-server-3.0.0-37.el6.x86_64.
Since 3.0 internal certs are issued for 2 years and are renewed
automatically. The root cert is valid for more than two years (AFAIR
it is 20).
On Wed Sep 10 15:55:56 2014, Chris Whittle wrote:
Search the list for a post by me and certs... Basically there is a
install
flag that will do all the work for you once you have it the cert in the
right format.
On Sep 10, 2014 5:53 PM, "William Graboyes" <wgrabo...@cenic.org>
wrote:
********* *BEGIN ENCRYPTED or SIGNED PART* *********
Hello list,
I have been fruitlessly searching for some information, especially
related to Certs, namely how to replace the self signed certs with
certs from a trusted CA? As we are moving forward into
productionizing of our free-ipa install, I am finding information on
the net to be a bit lacking. There is also the possibility that I am
not looking in the right places, or using the correct search terms.
Any help on this front would be greatly appreciated.
Thanks,
Bill
********** *END ENCRYPTED or SIGNED PART* **********
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJUEN4JAAoJEJFMz73A1+zrjNAP/1aZOjhp6c6JwWXUjBE4Pt4i
u6Z1BRFNYgIc5/aNsPAKrdzMqQgTjgWJvSh5UCON0VdmuIx7pQLP7nIlaCCXTRRK
pKx2Cez5Ho7Lwlsb87WW3bzjcyKGX5Wd3+VJdQ6ugYJTpVS4gMxh8atZCV613EY6
FuMk1RS6qlWM2Ut3SjmaAZK3jTw2pUsJzW3zzB271i6sJqAMZTh7Lrie6QcGqAON
eLGlWBZuCaeULUuQmArVZiP3qPnH5NuccvXLFVbX7D1+SM8XeLWrTklN1bfX2HF0
QCFlizb+bBga/d5cEaCv7R8v6m46R4wS779KSUV1jn9PpHISNcmLafv6dTAb6F+5
RBADwBP6coh5LrOJJh0pIByx9dYRbdif/BSH4VMcvfvFMs/EO1PAsGLWQPwoNfYO
0SzUV1R47JW9NGzeTxja+byKz9hwGtAT2FIw0NibR+M1FydPD9k3LTjTnQWgeSro
ks3AUPDy/hj+E72QDORj+/Zvy3sw8wDFVRw2LH/jaDmWbWhZUG4riC3w2egPjcSK
KIYQ7L/fdeN6S9jt8UcUf1YDHgfLU+iTgqyssr54RufVuM9iBNOkoWxxI0Q9oyMF
NDKiOY8rs2rBu6x09NiHG0BoX1LQzrrKQFQ4ao48w2RH3ocFCgQbsEHZ18uIfo4Y
CB5M63nykETHkkR3ZFkd
=8T1Y
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJUEOV8AAoJEJFMz73A1+zrgwAQAJkx74MPOVvbnrG+dmY8w7ok
J/6NWt9Rb/pS9gRrN7iFopni3BoHuLFC6ltwD6KoWllYClwoXke4T0FQ/nU6Ar6M
tsuQMYxP0boxhQua2uF/kZ/atMolxoNMShNixXd4dnWtBlpl+R+V58FtfjSGfy49
qX2Ge6g6wEFATwKReM1KpKCFIfO/yq/wM4NLvvBd6WShJXh6TQBE44y9aXLLJIlP
DApoLnMHaopNZITSNKt1t7dgw6ne9O370nQwOxR5L0peH8bxla0FLJ57vX+RCC0f
3EV/tQHKiXET1RqWE927tfPf171Xcq7sdjLRUL2JTVCK3zPZUuVg9WmuqrLUArhW
f1XRpn1MM2e0xn18rvHfuRZr2IIUuPE+RfVcQMgEcgtSYuDNlVYCO/ONyTQHxJ/E
JRkN6nDOZ1nlItJlrrT0MVgdMKQLG7IxkvOndGsyOShD/XvvjQYlQbDvRvodnAlc
JUIlcC3PbGZh+CRymXzu6M7DYceE5rJ/HzbR1UAPM/dep1P6zA3WyTS15tzIJ93f
pjLYTciDvPbTOfRTV+1PQvvVDbHZve34wcjGZHaqV35qUQwXcd/DQK18L8S7EmDx
BeBmii/cX2qBSyzDNGgSjtBTh0AT67tpJQPnH7brsVc9S75+E/MyDqXZjqiJv/9N
i22XgsD/iTzkP3o0OTjs
=FKVl
-----END PGP SIGNATURE-----
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
