Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?

2014-05-21 Thread Dmitri Pal 

On 05/19/2014 06:43 AM, Chris Whittle wrote:


All I am trying to fix right now is so when the user comes to the web 
ui they have a valid cert.




Then you need to put the IPA cert into the trusted cert store.
Its location depends upon the version of the client system you are using.

On May 19, 2014 2:01 AM, "Martin Kosek" > wrote:


On 05/17/2014 04:22 AM, Chris Whittle wrote:
> I have an existing key and crt that has be successfully
installed on other
> subdomain servers... Where is the best place to start?

To start what? :-) Without knowing what you want to achieve, I
would like to
point you to our training presentation describing different
FreeIPA Certificate
infrastructure integration procedures:


http://www.freeipa.org/images/b/b3/FreeIPA33-blending-in-a-certificate-infrastructure.pdf

I would like to especially point you to the CA-less integration type.

HTH,
Martin



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?

2014-05-20 Thread Chris Whittle 
If anyone is looking for this check out
http://stackoverflow.com/questions/23374894/mod-nss-with-apache-public-certificate-issue?noredirect=1#comment36504881_23374894

It worked great with the caveat or needing the NSS Database Password which
was in "/etc/httpd/alias/pwdfile.txt" (per
http://www.freeipa.org/page/V3/Drop_selfsign_functionality)

Thanks


On Mon, May 19, 2014 at 7:15 AM, Simo Sorce  wrote:

> On Sun, 2014-05-18 at 20:58 -0500, Chris Whittle wrote:
> > Actually is this it?
> > http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
>
> I think so, yeah.
>
> Simo.
>
> > On Sun, May 18, 2014 at 8:31 PM, Chris Whittle 
> wrote:
> >
> > > Thanks Simo, I'm finding a lot of posts on certs but none that really
> > > tells me what I need to do...
> > > Any more help would be extremely appreciated.
> > >
> > >
> > > On Sun, May 18, 2014 at 11:31 AM, Simo Sorce  wrote:
> > >
> > >> On Sat, 2014-05-17 at 13:26 -0500, Chris Whittle wrote:
> > >> > Let me be more specific... I just want to use my wildcard ssl for
> the
> > >> UI so
> > >> > that it doesn't give an error we you access it, anyone done this
> before?
> > >>
> > >> I think this has been posted on the list already, however all you need
> > >> to do is to replace the apache certs, they are in a nss database
> located
> > >> in /etc/httpd/alias, you can use certutil to deal with the database.
> > >>
> > >> HTH,
> > >> Simo.
> > >>
> > >> --
> > >> Simo Sorce * Red Hat, Inc * New York
> > >>
> > >>
> > >
>
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?

2014-05-19 Thread Simo Sorce 
On Sun, 2014-05-18 at 20:58 -0500, Chris Whittle wrote:
> Actually is this it?
> http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP

I think so, yeah.

Simo.

> On Sun, May 18, 2014 at 8:31 PM, Chris Whittle  wrote:
> 
> > Thanks Simo, I'm finding a lot of posts on certs but none that really
> > tells me what I need to do...
> > Any more help would be extremely appreciated.
> >
> >
> > On Sun, May 18, 2014 at 11:31 AM, Simo Sorce  wrote:
> >
> >> On Sat, 2014-05-17 at 13:26 -0500, Chris Whittle wrote:
> >> > Let me be more specific... I just want to use my wildcard ssl for the
> >> UI so
> >> > that it doesn't give an error we you access it, anyone done this before?
> >>
> >> I think this has been posted on the list already, however all you need
> >> to do is to replace the apache certs, they are in a nss database located
> >> in /etc/httpd/alias, you can use certutil to deal with the database.
> >>
> >> HTH,
> >> Simo.
> >>
> >> --
> >> Simo Sorce * Red Hat, Inc * New York
> >>
> >>
> >


-- 
Simo Sorce * Red Hat, Inc * New York

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?

2014-05-19 Thread Chris Whittle 
All I am trying to fix right now is so when the user comes to the web ui
they have a valid cert.
On May 19, 2014 2:01 AM, "Martin Kosek"  wrote:

> On 05/17/2014 04:22 AM, Chris Whittle wrote:
> > I have an existing key and crt that has be successfully installed on
> other
> > subdomain servers... Where is the best place to start?
>
> To start what? :-) Without knowing what you want to achieve, I would like
> to
> point you to our training presentation describing different FreeIPA
> Certificate
> infrastructure integration procedures:
>
>
> http://www.freeipa.org/images/b/b3/FreeIPA33-blending-in-a-certificate-infrastructure.pdf
>
> I would like to especially point you to the CA-less integration type.
>
> HTH,
> Martin
>
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?

2014-05-19 Thread Martin Kosek 
On 05/17/2014 04:22 AM, Chris Whittle wrote:
> I have an existing key and crt that has be successfully installed on other
> subdomain servers... Where is the best place to start?

To start what? :-) Without knowing what you want to achieve, I would like to
point you to our training presentation describing different FreeIPA Certificate
infrastructure integration procedures:

http://www.freeipa.org/images/b/b3/FreeIPA33-blending-in-a-certificate-infrastructure.pdf

I would like to especially point you to the CA-less integration type.

HTH,
Martin

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?

2014-05-18 Thread Chris Whittle 
Actually is this it?
http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP


On Sun, May 18, 2014 at 8:31 PM, Chris Whittle  wrote:

> Thanks Simo, I'm finding a lot of posts on certs but none that really
> tells me what I need to do...
> Any more help would be extremely appreciated.
>
>
> On Sun, May 18, 2014 at 11:31 AM, Simo Sorce  wrote:
>
>> On Sat, 2014-05-17 at 13:26 -0500, Chris Whittle wrote:
>> > Let me be more specific... I just want to use my wildcard ssl for the
>> UI so
>> > that it doesn't give an error we you access it, anyone done this before?
>>
>> I think this has been posted on the list already, however all you need
>> to do is to replace the apache certs, they are in a nss database located
>> in /etc/httpd/alias, you can use certutil to deal with the database.
>>
>> HTH,
>> Simo.
>>
>> --
>> Simo Sorce * Red Hat, Inc * New York
>>
>>
>
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?

2014-05-18 Thread Chris Whittle 
Thanks Simo, I'm finding a lot of posts on certs but none that really tells
me what I need to do...
Any more help would be extremely appreciated.


On Sun, May 18, 2014 at 11:31 AM, Simo Sorce  wrote:

> On Sat, 2014-05-17 at 13:26 -0500, Chris Whittle wrote:
> > Let me be more specific... I just want to use my wildcard ssl for the UI
> so
> > that it doesn't give an error we you access it, anyone done this before?
>
> I think this has been posted on the list already, however all you need
> to do is to replace the apache certs, they are in a nss database located
> in /etc/httpd/alias, you can use certutil to deal with the database.
>
> HTH,
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?

2014-05-18 Thread Simo Sorce 
On Sat, 2014-05-17 at 13:26 -0500, Chris Whittle wrote:
> Let me be more specific... I just want to use my wildcard ssl for the UI so
> that it doesn't give an error we you access it, anyone done this before?

I think this has been posted on the list already, however all you need
to do is to replace the apache certs, they are in a nss database located
in /etc/httpd/alias, you can use certutil to deal with the database.

HTH,
Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

[Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?

2014-05-17 Thread Chris Whittle 
Let me be more specific... I just want to use my wildcard ssl for the UI so
that it doesn't give an error we you access it, anyone done this before?
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

[Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?

2014-05-16 Thread Chris Whittle 
I have an existing key and crt that has be successfully installed on other
subdomain servers... Where is the best place to start?
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users