Hi,

3. August 2017 03:03, "Fraser Tweedale via FreeIPA-users" 
<freeipa-users@lists.fedorahosted.org>
schrieb:

> On Wed, Aug 02, 2017 at 11:11:09PM +0200, Jochen Hein via FreeIPA-users wrote:
>> I'm playing around with keycloak and wanted to use an SSL certificate
>> from IPA. I've looked around but didn't see any howto about using java
>> keytool with ipa-getcert. Has someone experience with it?
>> 
> Might as well jump straight to commands/logs :)

I did some more research yesterday and finally got a certificate
along the following lines:

- Generate a java keystore with keytool as described in the keycloak docs.
- Generate a csr with keytool and paste it into Freeipa.
- Got a certificate back from Freeipa.
- Import the certificate into keytool (again keycloak docs).

My first tries had the cert attributes wrong, but I think I now got it right,
but need to check with chrome to be sure. I'll post my steps later.

I was not successful in creating a certificate with ipa-getcert and
import the key into keytool. But I'll try to get something monitored by
certmonger - otherwise I'm sure the cert would expire... 

Jochen
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to