Got a strange one for the list ...

I've got a lovely multi-region replicating FreeIPA cluster spanning a few AWS VPCs that is doing a fantastic job stitching together a complex Active Directory topology.

Now, however, I have a need to support clients in a different, less trusted VPC and the firewall people want to do a MiTM attack on the TLS/HTTPS streams so they can intercept, decrypt and monitor HTTPS traffic -- including apparently to and from the IPA nodes.

They want the SSL cert and key used by the HTTPS interface on the IPA systems so they can set up the intercept properly.

My main question -- how do I properly extract the key and certificate from FreeIPA?

From reading and poking around it looks like the certs I want are in /etc/httpd/alias but must be accessed by the 'certutil' utility, which seems ... underdocumented ... both in the IPA docs as well as from what I can tell online.

I'm sort of terrified of breaking my installation by screwing up certificate work.

Can anyone provide tips, URLs or a cheatsheet for pulling SSL certificates and keys out of FreeIPA? Particularly the cert and key that is used on the HTTPS TCP:443 interface?

Thanks!

Chris
