Hi Dmitri, I am interested in the renewal process, how would that happen for clients, and when would it happen?
On 11 September 2014 03:01, Dmitri Pal <d...@redhat.com> wrote: > On 09/10/2014 07:57 PM, William Graboyes wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA512 >> >> Hi Dmitri, >> >> Production Environment is going to be RH 6.5, We are still evaluating >> the usage of systemd. More like we are taking a wait and see approach >> to to systemd, while actively testing it. >> > The command line options for chaining are there from day one. > So you would need to chain your production environment when you deploy it. > In future when you migrate to later versions (in couple of years or so) > you will be able to change the chaining using the new tools. Right now it > is a vary hard multi step manual procedure. This is why we developed the > tool. > But you should be all set for now. You would not need to change anything > for several years. > > Thanks > Dmitri > > > > Thanks, >> Bill >> >> On Wed Sep 10 16:49:24 2014, Dmitri Pal wrote: >> >>> On 09/10/2014 07:26 PM, William Graboyes wrote: >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA512 >>>> >>>> Hi Chris, >>>> >>>> Thank you for the suggestion. Looking at >>>> http://www.redhat.com/archives/freeipa-users/2014-August/msg00334.html >>>> >>>> Installing a new, third party cert requires a reinstall of IPA? IPA >>>> Devs, that is a bit silly don't you think? A year or two in the cert >>>> expires, now you have to start from scratch? I will wait for some form >>>> of response before I attempt at eating crow in front of management. >>>> >>>> I forgot to mention, free-ipa version ipa-server-3.0.0-37.el6.x86_64. >>>> >>> Since 3.0 internal certs are issued for 2 years and are renewed >>> automatically. The root cert is valid for more than two years (AFAIR >>> it is 20). >>> >>> >>> >>> >>>> >>>> On Wed Sep 10 15:55:56 2014, Chris Whittle wrote: >>>> >>>>> Search the list for a post by me and certs... Basically there is a >>>>> install >>>>> flag that will do all the work for you once you have it the cert in the >>>>> right format. >>>>> On Sep 10, 2014 5:53 PM, "William Graboyes" <wgrabo...@cenic.org> >>>>> wrote: >>>>> >>>>> ********* *BEGIN ENCRYPTED or SIGNED PART* ********* >>>>> >>>>> Hello list, >>>>> >>>>> I have been fruitlessly searching for some information, especially >>>>> related to Certs, namely how to replace the self signed certs with >>>>> certs from a trusted CA? As we are moving forward into >>>>> productionizing of our free-ipa install, I am finding information on >>>>> the net to be a bit lacking. There is also the possibility that I am >>>>> not looking in the right places, or using the correct search terms. >>>>> Any help on this front would be greatly appreciated. >>>>> >>>>> Thanks, >>>>> Bill >>>>> >>>>> >>>>> ********** *END ENCRYPTED or SIGNED PART* ********** >>>>> >>>>> -- >>>>>> Manage your subscription for the Freeipa-users mailing list: >>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>>>> Go To http://freeipa.org for more info on the project >>>>>> >>>>>> >>>>> -----BEGIN PGP SIGNATURE----- >>>> Version: GnuPG/MacGPG2 v2.0.22 (Darwin) >>>> Comment: GPGTools - https://gpgtools.org >>>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ >>>> >>>> iQIcBAEBCgAGBQJUEN4JAAoJEJFMz73A1+zrjNAP/1aZOjhp6c6JwWXUjBE4Pt4i >>>> u6Z1BRFNYgIc5/aNsPAKrdzMqQgTjgWJvSh5UCON0VdmuIx7pQLP7nIlaCCXTRRK >>>> pKx2Cez5Ho7Lwlsb87WW3bzjcyKGX5Wd3+VJdQ6ugYJTpVS4gMxh8atZCV613EY6 >>>> FuMk1RS6qlWM2Ut3SjmaAZK3jTw2pUsJzW3zzB271i6sJqAMZTh7Lrie6QcGqAON >>>> eLGlWBZuCaeULUuQmArVZiP3qPnH5NuccvXLFVbX7D1+SM8XeLWrTklN1bfX2HF0 >>>> QCFlizb+bBga/d5cEaCv7R8v6m46R4wS779KSUV1jn9PpHISNcmLafv6dTAb6F+5 >>>> RBADwBP6coh5LrOJJh0pIByx9dYRbdif/BSH4VMcvfvFMs/EO1PAsGLWQPwoNfYO >>>> 0SzUV1R47JW9NGzeTxja+byKz9hwGtAT2FIw0NibR+M1FydPD9k3LTjTnQWgeSro >>>> ks3AUPDy/hj+E72QDORj+/Zvy3sw8wDFVRw2LH/jaDmWbWhZUG4riC3w2egPjcSK >>>> KIYQ7L/fdeN6S9jt8UcUf1YDHgfLU+iTgqyssr54RufVuM9iBNOkoWxxI0Q9oyMF >>>> NDKiOY8rs2rBu6x09NiHG0BoX1LQzrrKQFQ4ao48w2RH3ocFCgQbsEHZ18uIfo4Y >>>> CB5M63nykETHkkR3ZFkd >>>> =8T1Y >>>> -----END PGP SIGNATURE----- >>>> >>>> >>> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG/MacGPG2 v2.0.22 (Darwin) >> Comment: GPGTools - https://gpgtools.org >> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ >> >> iQIcBAEBCgAGBQJUEOV8AAoJEJFMz73A1+zrgwAQAJkx74MPOVvbnrG+dmY8w7ok >> J/6NWt9Rb/pS9gRrN7iFopni3BoHuLFC6ltwD6KoWllYClwoXke4T0FQ/nU6Ar6M >> tsuQMYxP0boxhQua2uF/kZ/atMolxoNMShNixXd4dnWtBlpl+R+V58FtfjSGfy49 >> qX2Ge6g6wEFATwKReM1KpKCFIfO/yq/wM4NLvvBd6WShJXh6TQBE44y9aXLLJIlP >> DApoLnMHaopNZITSNKt1t7dgw6ne9O370nQwOxR5L0peH8bxla0FLJ57vX+RCC0f >> 3EV/tQHKiXET1RqWE927tfPf171Xcq7sdjLRUL2JTVCK3zPZUuVg9WmuqrLUArhW >> f1XRpn1MM2e0xn18rvHfuRZr2IIUuPE+RfVcQMgEcgtSYuDNlVYCO/ONyTQHxJ/E >> JRkN6nDOZ1nlItJlrrT0MVgdMKQLG7IxkvOndGsyOShD/XvvjQYlQbDvRvodnAlc >> JUIlcC3PbGZh+CRymXzu6M7DYceE5rJ/HzbR1UAPM/dep1P6zA3WyTS15tzIJ93f >> pjLYTciDvPbTOfRTV+1PQvvVDbHZve34wcjGZHaqV35qUQwXcd/DQK18L8S7EmDx >> BeBmii/cX2qBSyzDNGgSjtBTh0AT67tpJQPnH7brsVc9S75+E/MyDqXZjqiJv/9N >> i22XgsD/iTzkP3o0OTjs >> =FKVl >> -----END PGP SIGNATURE----- >> >> > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IdM portfolio > Red Hat, Inc. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project