On Fri, Feb 6, 2015 at 3:30 PM, Martin Kosek <mko...@redhat.com> wrote:
> On 02/06/2015 12:53 AM, Christopher Young wrote:
> > Obvious next question: Any plans to implement that functionality or
> > on how one might get some level of functionality for this? Would it be
> > possible to create another command-line based openssl CA that could issue
> > these but using IPA as the root CA for those?
> As for FreeIPA plans, we plan to vastly improve our flexibility to process
> certificates in next upstream version - FreeIPA 4.2. In next version, one
> should be able to create other certificate profiles (from FreeIPA default
> service cert profile) or even subCAs to do what you want.
nice. When do all these things land in RHEL?
> As for current workarounds, you would have to issue and sign a for example
> or openssl based subCA and then sign user certs there. But I would leave
> or Jan to tell if this would be really possible.
some examples on how to do that would be very helpful. I would love to
authenticate users to mysql using our CA, for instance.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project