On Tue, Feb 16, 2021 at 09:52:27AM -0500, Bret Wortman wrote:
> I found my error and got past this and completed the rest of the
> steps up to setting up the new server. Is there an easy way to
> test a certificate granted by their CA to see if it's now going to
> be accepted on a system where IPA'
On Tue, Feb 16, 2021 at 09:23:23AM -0500, Bret Wortman wrote:
> Because the full CN is actually "damascusgrp.com DG Web Team Root
> CA", does that complicate this or do I just need to find a way to
> add all that as a host?
I'm sorry. Yes it does. I misread the DN! My apologies.
I will think
Because the full CN is actually "damascusgrp.com DG Web Team Root CA", does
that complicate this or do I just need to find a way to add all that as a host?
--
Bret Wortman
bret.wort...@damascusgrp.com
On Tue, Feb 16, 2021, at 8:06 AM, Bret Wortman wrote:
> I may well have messed this up, b
I found my error and got past this and completed the rest of the steps up to
setting up the new server. Is there an easy way to test a certificate granted
by their CA to see if it's now going to be accepted on a system where IPA's
root CA certificate is present but their Root CA is not? I'd like
I may well have messed this up, but here's what I've done:
# ipa host-add --force damascusgrp.com
Added host "damascusgrp.com"
Host name: damascusgrp.com
Principal name: host/damascusgrp@damascusgrp.com
Principal alias: host/damas
Just to be clear, I'm going to follow the steps, but instead of setting up
sub.ipa.local, I'm going to instead use simply "damascusgrp.com", yielding a
principal named host/damascusgrp@damascusgrp.com, right? And then proceed
through the rest of the steps.
--
Bret Wortman
bret.wort...
Okay, I'll give it a try. Thanks!
--
Bret Wortman
bret.wort...@damascusgrp.com
On Tue, Feb 16, 2021, at 6:59 AM, Fraser Tweedale wrote:
> On Tue, Feb 16, 2021 at 05:53:31AM -0500, Bret Wortman wrote:
> > Fraser,
> >
> > It doesn't look like we fit the model. Our IPA CA's cert is as
> > exp
Fraser,
It doesn't look like we fit the model. Our IPA CA's cert is as expected, but
the other one is:
$ openssl x509 -noout -in web-ca.crt -issuer
issuer= /C=US/ST=VA/L=Fairfax/O=DG Web Team/OU=DG/CN=damascusgrp.com DG Web
Team Root CA
Since I don't see a hostname in there anywhere (and in fa
On Tue, Feb 16, 2021 at 05:53:31AM -0500, Bret Wortman wrote:
> Fraser,
>
> It doesn't look like we fit the model. Our IPA CA's cert is as
> expected, but the other one is:
>
> $ openssl x509 -noout -in web-ca.crt -issuer issuer=
> /C=US/ST=VA/L=Fairfax/O=DG Web Team/OU=DG/CN=damascusgrp.com DG
>
On Mon, Feb 15, 2021 at 10:10:59AM -0500, Bret Wortman via FreeIPA-users wrote:
> We had a developer team deploy their own CA and then issue a slew
> of certificates for users' workstations and other servers, and now
> they want us to deploy those certificates more widely. I'd rather
> find a way t
10 matches
Mail list logo