Walid wrote:
Hi Rob,
Self signed IPA certificate i saw it is 20 years, however how about the
client nodes renewal, i see here it is automated, how, and when
For renewed CA certificate distribution, we are working on it in ticket
https://fedorahosted.org/freeipa/ticket/4322
For any server certificates on a client then certmonger is the way to
go, and is our recommended mechanism. It will monitor and automatically
renew any certificates installed (well, any it has permission to renew).
rob
On 16 September 2014 20:13, Rob Crittenden <rcrit...@redhat.com
<mailto:rcrit...@redhat.com>> wrote:
Walid wrote:
Hi Dmitri,
I am interested in the renewal process, how would that happen for
clients, and when would it happen?
It depends on what scenario you're talking about (self-signed IPA
cert, IPA as subordinate, user-provided certificates), and what
certs you mean.
rob
On 11 September 2014 03:01, Dmitri Pal <d...@redhat.com
<mailto:d...@redhat.com>
<mailto:d...@redhat.com <mailto:d...@redhat.com>>> wrote:
On 09/10/2014 07:57 PM, William Graboyes wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi Dmitri,
Production Environment is going to be RH 6.5, We are still
evaluating
the usage of systemd. More like we are taking a wait
and see
approach
to to systemd, while actively testing it.
The command line options for chaining are there from day one.
So you would need to chain your production environment when you
deploy it.
In future when you migrate to later versions (in couple of
years or
so) you will be able to change the chaining using the new
tools.
Right now it is a vary hard multi step manual procedure.
This is why
we developed the tool.
But you should be all set for now. You would not need to change
anything for several years.
Thanks
Dmitri
Thanks,
Bill
On Wed Sep 10 16:49:24 2014, Dmitri Pal wrote:
On 09/10/2014 07:26 PM, William Graboyes wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi Chris,
Thank you for the suggestion. Looking at
http://www.redhat.com/____archives/freeipa-users/2014-____August/msg00334.html
<http://www.redhat.com/__archives/freeipa-users/2014-__August/msg00334.html>
<http://www.redhat.com/__archives/freeipa-users/2014-__August/msg00334.html
<http://www.redhat.com/archives/freeipa-users/2014-August/msg00334.html>>
Installing a new, third party cert requires a
reinstall
of IPA? IPA
Devs, that is a bit silly don't you think? A
year or
two in the cert
expires, now you have to start from scratch? I
will
wait for some form
of response before I attempt at eating crow in
front of
management.
I forgot to mention, free-ipa version
ipa-server-3.0.0-37.el6.x86_____64.
Since 3.0 internal certs are issued for 2 years and
are renewed
automatically. The root cert is valid for more than two
years (AFAIR
it is 20).
On Wed Sep 10 15:55:56 2014, Chris Whittle wrote:
Search the list for a post by me and certs...
Basically there is a
install
flag that will do all the work for you once
you have
it the cert in the
right format.
On Sep 10, 2014 5:53 PM, "William Graboyes"
<wgrabo...@cenic.org
<mailto:wgrabo...@cenic.org> <mailto:wgrabo...@cenic.org
<mailto:wgrabo...@cenic.org>>>
wrote:
********* *BEGIN ENCRYPTED or SIGNED PART*
*********
Hello list,
I have been fruitlessly searching for some
information, especially
related to Certs, namely how to replace the
self
signed certs with
certs from a trusted CA? As we are moving
forward into
productionizing of our free-ipa install, I am
finding information on
the net to be a bit lacking. There is also the
possibility that I am
not looking in the right places, or using the
correct search terms.
Any help on this front would be greatly
appreciated.
Thanks,
Bill
********** *END ENCRYPTED or SIGNED PART*
**********
--
Manage your subscription for the
Freeipa-users
mailing list:
https://www.redhat.com/____mailman/listinfo/freeipa-users
<https://www.redhat.com/__mailman/listinfo/freeipa-users>
<https://www.redhat.com/__mailman/listinfo/freeipa-users
<https://www.redhat.com/mailman/listinfo/freeipa-users>__>
Go To http://freeipa.org for more info
on the
project
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iQIcBAEBCgAGBQJUEN4JAAoJEJFMz7____3A1+zrjNAP/____1aZOjhp6c6JwWXUjBE4Pt4i
u6Z1BRFNYgIc5/____aNsPAKrdzMqQgTjgWJvSh5UCON0Vdm____uIx7pQLP7nIlaCCXTRRK
pKx2Cez5Ho7Lwlsb87WW3bzjcyKGX5____Wd3+____VJdQ6ugYJTpVS4gMxh8atZCV613EY6
FuMk1RS6qlWM2Ut3SjmaAZK3jTw2pU______sJzW3zzB271i6sJqAMZTh7Lrie6QcG____qAON
eLGlWBZuCaeULUuQmArVZiP3qPnH5N____uccvXLFVbX7D1+____SM8XeLWrTklN1bfX2HF0
QCFlizb+bBga/____d5cEaCv7R8v6m46R4wS779KSUV1jn9____PpHISNcmLafv6dTAb6F+5
RBADwBP6coh5LrOJJh0pIByx9dYRbd____if/BSH4VMcvfvFMs/____EO1PAsGLWQPwoNfYO
0SzUV1R47JW9NGzeTxja+____byKz9hwGtAT2FIw0NibR+____M1FydPD9k3LTjTnQWgeSro
ks3AUPDy/hj+E72QDORj+/____Zvy3sw8wDFVRw2LH/____jaDmWbWhZUG4riC3w2egPjcSK
KIYQ7L/fdeN6S9jt8UcUf1YDHgfLU+______iTgqyssr54RufVuM9iBNOkoWxxI0Q9____oyMF
NDKiOY8rs2rBu6x09NiHG0BoX1LQzr______rKQFQ4ao48w2RH3ocFCgQbsEHZ18uI____fo4Y
CB5M63nykETHkkR3ZFkd
=8T1Y
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iQIcBAEBCgAGBQJUEOV8AAoJEJFMz7____3A1+zrgwAQAJkx74MPOVvbnrG+____dmY8w7ok
J/6NWt9Rb/____pS9gRrN7iFopni3BoHuLFC6ltwD6Ko____WllYClwoXke4T0FQ/nU6Ar6M
tsuQMYxP0boxhQua2uF/kZ/____atMolxoNMShNixXd4dnWtBlpl+R+____V58FtfjSGfy49
qX2Ge6g6wEFATwKReM1KpKCFIfO/____yq/____wM4NLvvBd6WShJXh6TQBE44y9aXLLJ____IlP
DApoLnMHaopNZITSNKt1t7dgw6ne9O______370nQwOxR5L0peH8bxla0FLJ57vX+____RCC0f
3EV/____tQHKiXET1RqWE927tfPf171Xcq7sdj______LRUL2JTVCK3zPZUuVg9WmuqrLUArhW
f1XRpn1MM2e0xn18rvHfuRZr2IIUuP____E+RfVcQMgEcgtSYuDNlVYCO/____ONyTQHxJ/E
JRkN6nDOZ1nlItJlrrT0MVgdMKQLG7____IxkvOndGsyOShD/____XvvjQYlQbDvRvodnAlc
JUIlcC3PbGZh+____CRymXzu6M7DYceE5rJ/HzbR1UAPM/____dep1P6zA3WyTS15tzIJ93f
pjLYTciDvPbTOfRTV+____1PQvvVDbHZve34wcjGZHaqV35qUQwX____cd/DQK18L8S7EmDx
BeBmii/____cX2qBSyzDNGgSjtBTh0AT67tpJQPnH____7brsVc9S75+E/MyDqXZjqiJv/9N
i22XgsD/iTzkP3o0OTjs
=FKVl
-----END PGP SIGNATURE-----
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/____mailman/listinfo/freeipa-users
<https://www.redhat.com/__mailman/listinfo/freeipa-users>
<https://www.redhat.com/__mailman/listinfo/freeipa-users
<https://www.redhat.com/mailman/listinfo/freeipa-users>__>
Go To http://freeipa.org for more info on the project
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project