Obvious next question: Any plans to implement that functionality or advice
on how one might get some level of functionality for this? Would it be
possible to create another command-line based openssl CA that could issue
these but using IPA as the root CA for those?
I'm just trying to provide a solution for situations where we would like to
utilize client/user cert authentication for situations like secure apache
directory access as well as user VPN certificates. Any advise or ideas are
On Thu, Feb 5, 2015 at 4:09 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
> Christopher Young wrote:
> > Some of this might be rudimentary, so I apologize if this is answered
> > somewhere, though I've tried to search and have not had much luck...
> > Basically, I would like to be able to issue user certificates (Subject:
> > firstname.lastname@example.org) in order to use client SSL security on
> > some things. I'm very new to FreeIPA, but have worked with external CAs
> > in the past for similar requests, however this is my first entry into
> > creating/running a localized CA within an organization.
> IPA doesn't issue user certificates yet, only server certificates.
> > I was wondering if this is possible via the command line, and if so, how
> > to go about submitting the request and receiving the certificate. Any
> > guidance or assistance would be greatly appreciated!
> > Additionally, just as a matter of cleanliness, is there any way possible
> > to just completely wipe out the existence of a certificate/request from
> > FreeIPA. I have done some trial-and-error and obviously have made
> > mistakes that I'd prefer to clean up after. I've revoked those certs,
> > however the perfectionist in me hates seeing them there. I'm quite
> > certain the answer is 'no', but I thought I would ask anyway.
> Right, the answer is no. In fact it is a good thing that all
> certificates are accounted for.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project