On 04/30/2015 06:52 PM, William Graboyes wrote:
I have to agree with Benjamen here.
I guess it is time to get deep into API documentation. This is a hell of a lot
of hoops to jump through just so that users who don't have shell access can
easily change their passwords without having to see a
hi,
On Fri, May 1, 2015 at 12:52 AM, William Graboyes
wrote:
>
> I guess it is time to get deep into API documentation. This is a hell of
> a lot of hoops to jump through just so that users who don't have shell
> access can easily change their passwords without having to see a scare
> page. Di
I have to agree with Benjamen here.
I guess it is time to get deep into API documentation. This is a hell of a lot
of hoops to jump through just so that users who don't have shell access can
easily change their passwords without having to see a scare page. Distributing
the IPA CA is not an op
With respect, neither option is realistic in the common case. Unless I'm
mistaken, a CA-less installation will break in ~1 year when host
certificates expire and are not automatically renewed via certmonger.
Option 2 (sub-CA) is, as far as I can tell, also not feasible since no
public CA will sell
On 04/30/2015 04:50 PM, William Graboyes wrote:
Let me ask this a different way.
What is the easiest method of using a trusted third party cert for the web UI?
Make IPA CA-less with just certs from that 3rd party CA installed or
make IPA trust that CA and be a sub CA.
https://access.redhat.
Let me ask this a different way.
What is the easiest method of using a trusted third party cert for the web UI?
Running IPA 4.1.0 on Centos 7.
Thanks,
Bill
On 4/30/15 1:44 PM, Rob Crittenden wrote:
> William Graboyes wrote:
> > Hi list,
> >
> > The end goal is to eliminate self signed certs from
William Graboyes wrote:
> Hi list,
>
> The end goal is to eliminate self signed certs from user interaction
> with FreeIPA, without having to roll out changes to each user in the
> house (and remote locations). So basically changing the CA to a
> trusted CA that will not bring "scare" the users w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi list,
The end goal is to eliminate self signed certs from user interaction
with FreeIPA, without having to roll out changes to each user in the
house (and remote locations). So basically changing the CA to a
trusted CA that will not bring "scare
William Graboyes wrote:
> Hi List,
>
> I am having yet another issue, when I run the following command:
> ipa-cacert-manage renew --external-ca
>
> It does output the CSR, however the CN is not a valid name
> (Certificate Authority). Is it possible to change the output of this
> command to use a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi List,
I am having yet another issue, when I run the following command:
ipa-cacert-manage renew --external-ca
It does output the CSR, however the CN is not a valid name
(Certificate Authority). Is it possible to change the output of this
command
10 matches
Mail list logo
