On Thu, Feb 05, 2015 at 03:12:17PM -0500, Christopher Young wrote:
> Some of this might be rudimentary, so I apologize if this is answered
> somewhere, though I've tried to search and have not had much luck...
> 
> Basically,  I would like to be able to issue user certificates (Subject:
> email=sblblabla@blabla.local) in order to use client SSL security on some
> things.  I'm very new to FreeIPA, but have worked with external CAs in the
> past for similar requests, however this is my first entry into
> creating/running a localized CA within an organization.
> 
> I was wondering if this is possible via the command line, and if so, how to
> go about submitting the request and receiving the certificate.  Any
> guidance or assistance would be greatly appreciated!
> 
Hi Christopher,

I am working on features of Dogtag necessary for this and it will be
integrated in a future release of FreeIPA.  For now, you could use
the Dogtag CA directly to issue user certificates.

> 
> Additionally, just as a matter of cleanliness, is there any way possible to
> just completely wipe out the existence of a certificate/request from
> FreeIPA.  I have done some trial-and-error and obviously have made mistakes
> that I'd prefer to clean up after.  I've revoked those certs, however the
> perfectionist in me hates seeing them there.  I'm quite certain the answer
> is 'no', but I thought I would ask anyway.
> 
The answer is "no".  Dogtag remembers all the certificates it
issues.

Regards,
Fraser

> Thanks for any assistance,
> 
> Chris

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to