On 16.9.2013 01:20, Andrew Lau wrote:


On Mon, Sep 16, 2013 at 4:23 AM, Dmitri Pal <d...@redhat.com> wrote:

    On 09/14/2013 04:00 AM, Andrew Lau wrote:
    Hi,

    I have a reverse proxy in front of many of my hosts, each of the
    virtual hosts has its own SSL cert, currently with FreeIPA I'm
    adding hosts for each virtual host and then creating a cert.

    From what I've found, it doesn't seem to be possible to do a
    wildcard ssl through FreeIPA, I tried exporting the ca root
    private key to manually sign a wildcard cert with no success. I
    may have done that wrong.

    Any suggestions?

    Is this what you are looking for?
    https://fedorahosted.org/freeipa/ticket/3475

    It is currently on a distant roadmap but help always welcome.


    Thanks,
    Andrew


    _______________________________________________
    Freeipa-users mailing list
    Freeipa-users@redhat.com  <mailto:Freeipa-users@redhat.com>
    https://www.redhat.com/mailman/listinfo/freeipa-users


    --
    Thank you,
    Dmitri Pal

    Sr. Engineering Manager for IdM portfolio
    Red Hat Inc.







Yeah.

Is there any way of manually doing that now by pulling the root ca and
key out to sign a cert?

You can do it manually via Dogtag.

First, import the client cert from /root/ca-agent.p12 found on your IPA server to your web browser.

Then, navigate your web browser to https://ipaserver:8443/ca/ee/ca/profileSelect?profileId=caServerCert, paste the wildcard CSR in the form and submit it.

Then, navigate your web browser to https://ipaserver:8443/ca/agent/ca/listRequests.html, find your request and approve it. This should give you the signed certificate.

Honza

--
Jan Cholasta
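
Added example, not part of the original message: one way to build the wildcard CSR that the procedure above pastes into the Dogtag form, and to check it before submitting. The domain `example.test`, the file names and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. example.test is a constructed placeholder domain.

# make_wildcard_csr DOMAIN OUTDIR
# Writes OUTDIR/wildcard.key (private key) and OUTDIR/wildcard.csr (PEM CSR).
make_wildcard_csr() {
    domain=$1; outdir=$2
    mkdir -p "$outdir" || return 1
    # Minimal request config: wildcard CN plus SAN entries for the
    # wildcard and the bare domain (a wildcard does not cover the apex).
    cat > "$outdir/csr.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = *.$domain
[v3_req]
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:*.$domain, DNS:$domain
EOF
    # umask 077 keeps the unencrypted private key readable by its owner only.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -config "$outdir/csr.cnf" \
          -keyout "$outdir/wildcard.key" \
          -out "$outdir/wildcard.csr" )
}

# csr_dns_names CSR: print the requested SAN DNS names, one per line.
csr_dns_names() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -e 's/^ *DNS://'
}

# csr_matches_key CSR KEY: succeed only if the CSR carries KEY's public key.
csr_matches_key() {
    a=$(openssl req -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$a" = "$b" ]
}
```

The contents of `wildcard.csr` are what goes into the form. Which of the requested extensions end up in the signed certificate is decided by the CA profile, so inspect the issued certificate with `openssl x509 -noout -text` before deploying it.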

