Marc Schlinger wrote:
I tried to install freeipa with certs management. I did manage after a
1°) The installation was unable to finished on a french localized system.
The error at stage [3/15]: configuring certificate server instance was
java.utils.MissingResourceException can't find bundle for base name
LogMessages, locale fr_FR.UTF-8
full log at then end
It's a dogtag error but since I had it while installing freeipa, I
report it to you.
Finally, for the installation i used a fresh fedora 12 with en_US.UTF-8
locales, rpms version was 1.9.0GIT3620135-0.fc12,
and I activate the testing repos as advised in this thread:
[Freeipa-users] call implemented methods via xml-rpc.
Yes, I have this on my list to try to work around. I'm going to set the
en_US locale while we're installing dogtag, I just don't know what this
will do post-installation, if things will again blow up.
I opened a new bug on this against dogtag,
I tried to play a little with certificates mostly to replace puppet
certificate management by the freeipa ones
2°) I wasn't able to do a ipa cert-request
I had this error:
ipa: ERROR: Certificate operation cannot be completed: Failure decoding
Certificate Signing Request
It seems that it was a forgetten line in ipalib/pkcs10.py
here's the patch:
--- /tmp/pkcs10.py 2010-05-03 16:02:22.929018799 +0200
+++ ipalib/pkcs10.py 2010-05-03 16:02:09.855940583 +0200
@@ -52,6 +52,7 @@
Hmm. The python-pyasn1 x509.py sample has ia5string defined as well but
it isn't in RFC 3280 as a supported type for DirectoryString. I can go
ahead and add it in. Can you send me a certificate that is not being
parsed by the current pkcs10 module?
that's all for the report, now I have a question:
Is/Will freeipa integrate smart token authentication?
In this page : http://freeipa.org/page/Certificate_Management
You said that "There is no requirement to provision user certificates.".
Smart key authentication require user certificates.
We aren't planning on supporting client certificates for v2. We may add
support at some point but it hasn't been planned, designed, etc. Since
we use dogtag if/when we implement support for client certs then tokens
should be part of that.
Freeipa-users mailing list