On Thu, Feb 05, 2015 at 03:12:17PM -0500, Christopher Young wrote:
> Some of this might be rudimentary, so I apologize if this is answered
> somewhere, though I've tried to search and have not had much luck...
> Basically, I would like to be able to issue user certificates (Subject:
> email@example.com) in order to use client SSL security on some
> things. I'm very new to FreeIPA, but have worked with external CAs in the
> past for similar requests, however this is my first entry into
> creating/running a localized CA within an organization.
> I was wondering if this is possible via the command line, and if so, how to
> go about submitting the request and receiving the certificate. Any
> guidance or assistance would be greatly appreciated!
I am working on features of Dogtag necessary for this and it will be
integrated in a future release of FreeIPA. For now, you could use
the Dogtag CA directly to issue user certificates.
> Additionally, just as a matter of cleanliness, is there any way possible to
> just completely wipe out the existence of a certificate/request from
> FreeIPA. I have done some trial-and-error and obviously have made mistakes
> that I'd prefer to clean up after. I've revoked those certs, however the
> perfectionist in me hates seeing them there. I'm quite certain the answer
> is 'no', but I thought I would ask anyway.
The answer is "no". Dogtag remembers all the certificates it
> Thanks for any assistance,
> Manage your subscription for the Freeipa-users mailing list:
> Go To http://freeipa.org for more info on the project
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project