On Fri, Feb 6, 2015 at 3:30 PM, Martin Kosek <mko...@redhat.com> wrote:

> On 02/06/2015 12:53 AM, Christopher Young wrote:
> > Obvious next question:  Any plans to implement that functionality or
> advice
> > on how one might get some level of functionality for this?  Would it be
> > possible to create another command-line based openssl CA that could issue
> > these but using IPA as the root CA for those?
> As for FreeIPA plans, we plan to vastly improve our flexibility to process
> certificates in next upstream version - FreeIPA 4.2. In next version, one
> should be able to create other certificate profiles (from FreeIPA default
> service cert profile) or even subCAs to do what you want.
nice. When do all these things land in RHEL?

> As for current workarounds, you would have to issue and sign a for example
> or openssl based subCA and then sign user certs there. But I would leave
> Fraser
> or Jan to tell if this would be really possible.

some examples on how to do that would be very helpful. I would love to
authenticate users to mysql using our CA, for instance.

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to