Walid wrote:
Hi Dmitri,

I am interested in the renewal process, how would that happen for
clients, and when would it happen?

It depends on what scenario you're talking about (self-signed IPA cert, IPA as subordinate, user-provided certificates), and what certs you mean.

rob


On 11 September 2014 03:01, Dmitri Pal <d...@redhat.com> wrote:

    On 09/10/2014 07:57 PM, William Graboyes wrote:


        Hi Dmitri,

        Production Environment is going to be RH 6.5. We are still evaluating
        the usage of systemd. More like we are taking a wait and see approach
        to systemd, while actively testing it.

    The command line options for chaining are there from day one.
    So you would need to chain your production environment when you
    deploy it.
    In future when you migrate to later versions (in a couple of years or
    so) you will be able to change the chaining using the new tools.
    Right now it is a very hard multi-step manual procedure. This is why
    we developed the tool.
    But you should be all set for now. You would not need to change
    anything for several years.

    Thanks
    Dmitri



        Thanks,
        Bill

        On Wed Sep 10 16:49:24 2014, Dmitri Pal wrote:

            On 09/10/2014 07:26 PM, William Graboyes wrote:


                Hi Chris,

                Thank you for the suggestion. Looking at
                http://www.redhat.com/archives/freeipa-users/2014-August/msg00334.html

                Installing a new, third party cert requires a reinstall of IPA?  IPA
                Devs, that is a bit silly don't you think?  A year or two in the cert
                expires, now you have to start from scratch?  I will wait for some form
                of response before I attempt at eating crow in front of management.

                I forgot to mention, free-ipa version
                ipa-server-3.0.0-37.el6.x86_64.

            Since 3.0 internal certs are issued for 2 years and are renewed
            automatically. The root cert is valid for more than two years (AFAIR
            it is 20).





                On Wed Sep 10 15:55:56 2014, Chris Whittle wrote:

                    Search the list for a post by me and certs... Basically there is an
                    install flag that will do all the work for you once you have the cert
                    in the right format.
                    On Sep 10, 2014 5:53 PM, "William Graboyes" <wgrabo...@cenic.org> wrote:


                    Hello list,

                    I have been fruitlessly searching for some information, especially
                    related to Certs, namely how to replace the self signed certs with
                    certs from a trusted CA?  As we are moving forward into
                    productionizing of our free-ipa install, I am finding information on
                    the net to be a bit lacking.  There is also the possibility that I am
                    not looking in the right places, or using the correct search terms.
                    Any help on this front would be greatly appreciated.

                    Thanks,
                    Bill



                        --
                        Manage your subscription for the Freeipa-users mailing list:
                        https://www.redhat.com/mailman/listinfo/freeipa-users
                        Go To http://freeipa.org for more info on the project







    --
    Thank you,
    Dmitri Pal

    Sr. Engineering Manager IdM portfolio
    Red Hat, Inc.





