On 04/25/2014 03:57 AM, Andrew Holway wrote:
What are the certs for?
At the moment for a third party application however we would like to
issue our own certs for everything SSL such as LDAPs or OpenVPN. It is
quite a powerful feature to be able to install an organisations root
key on a clients machine and then be able to bosh out certs at will
however I am still on an interesting journey understanding the
specific implications of this for the various client, operating
systems and browsers.
Thanks for the "certmonger" keyword :)
There are also some good docs and examples in the certmonger git repo in
docs folder and here.
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/certmongerX.html
Keep in mind that there are some limitations with what you want to
accomplish.
We are aware of it and want to address it. We just did not have a chance
to get our hands on it.
http://www.freeipa.org/page/V3/IPA_as_external_Puppet_CA
If they are for systems and services you might make you life simpler by
using certmonger on the system where your service will be running.
Assuming it is fedora, RHEL, CentOS and such (not sure about Debian and
Ubuntu, they might have certmonger too) you install ipa-client and it will
configure certmonger to use IPA. See certmonger man pages to get the certs
for the services.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
