Yeah, I'm still not getting this, and I'm probably missing something
painfully obvious.
I follow the steps here:
1. Log into the server for which I need the cert.
2. # certutil -R -d /etc/pki/nssdb -a -g 2048 -s
"CN=testesk1.internal.net,O=INTERNAL.NET" > ssl.csr
I then copy the contents of the csr file and paste it into the FreeIPA
UI after selecting Actions->New Certificiate from the Host Settings page.
3. I then click Actions->Get Certificate on that same page to extract
the contents and paste it into a new .pem file on the requesting host.
But how do I get at the key that was used in the creation of this cert?
I can get the cacert, and I've got the newly-issued cert, but what about
the key?
Thanks!
Bret
On 09/27/2016 02:00 PM, Bret Wortman wrote:
That looks like it worked, but I have a follow-on question:
I need to provide my RabbitMQ instance with a cacert file, a cert, and
a key file. These seem to be .pem files. Is there an easy way to
gather these 3 files from a typical IPA client node?
Merci!
Bret
On 09/27/2016 11:28 AM, Florence Blanc-Renaud wrote:
Hi Bret,
would the following be helpful? In "Linux Domain Identity,
Authentication, and Policy Guide", Chapter 17.1.1 Requesting New
Certificates for a User, Host, or Service [1]
Flo.
[1]
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/certificates.html#certificate-request
On 09/27/2016 04:20 PM, Bret Wortman wrote:
Is there a guide anywhere for how to obtain an SSL certificate for a
new
server & service from the IPA CA master? Most of the guides I'm seeing
online use web pages at the major CAs to do this and I'd like to
keep it
in the family.
Thanks!
--
*Bret Wortman*
<http://wrapbuddies.co/>
http://wrapbuddies.co/
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project