On 02/06/2015 10:38 AM, Natxo Asenjo wrote:
On Fri, Feb 6, 2015 at 3:30 PM, Martin Kosek <mko...@redhat.com
On 02/06/2015 12:53 AM, Christopher Young wrote:
> Obvious next question: Any plans to implement that
functionality or advice
> on how one might get some level of functionality for this?
Would it be
> possible to create another command-line based openssl CA that
> these but using IPA as the root CA for those?
As for FreeIPA plans, we plan to vastly improve our flexibility to
certificates in next upstream version - FreeIPA 4.2. In next
should be able to create other certificate profiles (from FreeIPA
service cert profile) or even subCAs to do what you want.
nice. When do all these things land in RHEL?
It we manage to land 4.2 in RHEL 7.2 then it will be there.
Time will show how successful we will be with this plan so no promises
As for current workarounds, you would have to issue and sign a for
or openssl based subCA and then sign user certs there. But I would
or Jan to tell if this would be really possible.
some examples on how to do that would be very helpful. I would love to
authenticate users to mysql using our CA, for instance.
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project