On 02/06/2015 10:38 AM, Natxo Asenjo wrote:
On Fri, Feb 6, 2015 at 3:30 PM, Martin Kosek <mko...@redhat.com
<mailto:mko...@redhat.com>> wrote:
On 02/06/2015 12:53 AM, Christopher Young wrote:
> Obvious next question: Any plans to implement that
functionality or advice
> on how one might get some level of functionality for this?
Would it be
> possible to create another command-line based openssl CA that
could issue
> these but using IPA as the root CA for those?
As for FreeIPA plans, we plan to vastly improve our flexibility to
process
certificates in next upstream version - FreeIPA 4.2. In next
version, one
should be able to create other certificate profiles (from FreeIPA
default
service cert profile) or even subCAs to do what you want.
nice. When do all these things land in RHEL?
It we manage to land 4.2 in RHEL 7.2 then it will be there.
Time will show how successful we will be with this plan so no promises
so far.
As for current workarounds, you would have to issue and sign a for
example NSS
or openssl based subCA and then sign user certs there. But I would
leave Fraser
or Jan to tell if this would be really possible.
some examples on how to do that would be very helpful. I would love to
authenticate users to mysql using our CA, for instance.
--
regards,
natxo
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project