Re: [Freeipa-users] Using IPA CA to sign SSL client certificates
On 08/28/2015 10:41 AM, Jan Pazdziora wrote: That's new feature in FreeIPA 4.2: http://www.freeipa.org/page/V4/User_Certificates I'm glad to see that's being added. I have IPA 3.0 on CentOS 6 (on a 32-bit system), so I won't be able to use that feature. I'm basically asking if there's a way to manually use the CA within my existing IPA install to manually create a certificate, in a way that is non-disruptive to IPA itself. I hope that makes sense. Thanks! -- Ian Pilcher arequip...@gmail.com I grew up before Mark Zuckerberg invented friendship -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Using IPA CA to sign SSL client certificates
On 08/28/2015 10:35 AM, Alexander Bokovoy wrote: This is all explained in the official guide: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/service-certificates.html I guess I should have been more clear. I need to create certificates for users, not services. -- Ian Pilcher arequip...@gmail.com I grew up before Mark Zuckerberg invented friendship -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Using IPA CA to sign SSL client certificates
On Fri, 28 Aug 2015, Ian Pilcher wrote: On 08/28/2015 10:35 AM, Alexander Bokovoy wrote: This is all explained in the official guide: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/service-certificates.html I guess I should have been more clear. I need to create certificates for users, not services. User certificates is a feature we added in FreeIPA 4.2. It is coming to Red Hat Enterprise Linux 7 updates and Fedora 'soon'. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] Using IPA CA to sign SSL client certificates
I need to create a few client certificates, and I'd like to use my pre- existing IPA CA. Is there a simple way to do this? Thanks! -- Ian Pilcher arequip...@gmail.com I grew up before Mark Zuckerberg invented friendship -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Using IPA CA to sign SSL client certificates
On Fri, 28 Aug 2015, Ian Pilcher wrote: I need to create a few client certificates, and I'd like to use my pre- existing IPA CA. Is there a simple way to do this? This is all explained in the official guide: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/service-certificates.html -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Using IPA CA to sign SSL client certificates
On Fri, Aug 28, 2015 at 10:38:46AM -0500, Ian Pilcher wrote: On 08/28/2015 10:35 AM, Alexander Bokovoy wrote: This is all explained in the official guide: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/service-certificates.html I guess I should have been more clear. I need to create certificates for users, not services. That's new feature in FreeIPA 4.2: http://www.freeipa.org/page/V4/User_Certificates -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project