Marc Schlinger wrote:
At last I did manage to create and use my certs, but with nss tools.
I've stop using openssl ones, since they are not integrated with
freeipa. So I encounter no problems.
Last things I'd like to know. I've seen that I'was able to modify the
content signed certs through this file
In this folder "/var/lib/pki-ca/profiles/ca/" there's a lots of cfg
files, but I do not understant how to "choose" them when signing a request.
I'd need very specific certs for an application, specific extensions,
but I don't want to add this extensions to all the certs that can be
Any hints ?
dogtag issues different types of certificates through the configuration
files you're seeing. They call them profiles.
IPA supports only a single profile right now, the caIPAserviceCert profile.
Adding support for other profiles is possible but would require changes
in both the IPA RA backend and in the IPA cert plugin. If you'd be
interested in pursuing that I can give some guidance on how that might
Freeipa-users mailing list