Marc Schlinger wrote:

At last I did manage to create and use my certs, but with nss tools.

I've stop using openssl ones, since they are not integrated with freeipa. So I encounter no problems.

Last things I'd like to know. I've seen that I'was able to modify the content signed certs through this file


In this folder "/var/lib/pki-ca/profiles/ca/" there's a lots of cfg files, but I do not understant how to "choose" them when signing a request.

I'd need very specific certs for an application, specific extensions, but I don't want to add this extensions to all the certs that can be issued.

Any hints ?

Marc Schlinger

dogtag issues different types of certificates through the configuration files you're seeing. They call them profiles.

IPA supports only a single profile right now, the caIPAserviceCert profile.

Adding support for other profiles is possible but would require changes in both the IPA RA backend and in the IPA cert plugin. If you'd be interested in pursuing that I can give some guidance on how that might be done.


Freeipa-users mailing list

Reply via email to