Looking at migrating from a hodgepodge of 389 DS, kerberos-ldap, and custom
built things that manage our PKI and so on, to FreeIPA (which looks like it
can probably cover all our needs), and had a couple of SSL related

1) It looks like improvements are proposed for being able to generate
certificates from the web UI :

Does anyone know the status of such plans? I see some work was done over
the past year but I haven't been able to find anything obviously related to
adding such ability to the web UI. Having to use the command line tools is
not the end of the world, but being able to do it from the web UI would
make things easier sometimes ... I tried installing the latest release in a
Fedora VM but didn't see any way to generate the CSR itself from the Web UI.

2) What is the correct / recommended way to issue certificates to users for
use with OpenVPN? We would have both site to site VPNs which I assume would
be issued similar to a regular service/web server SSL certificate, as well
as certificates for individual users. Do we add the users
laptops/workstations as hosts in FreeIPA and then issue regular certs for
them that way, or is there a way to issue a cert for a user and tie it to
their identity (versus their laptop/workstation 's identity) ? Also, is
there a specific certificate 'profile' that should be used?

Thanks in advance
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to