On 03/27/2015 04:52 PM, Steve Neuharth wrote:

Is it possible or perhaps not recommended to use the dogtag API and/or UI on a FreeIPA system without using the freeIPA CLI or UI? I have a requirement to submit a certificate to a service without kerberos and without client software installed using a RESTful API. Dogtag API is very well documented and I do not want to associate all my certificates with a Kerberos principal because it adds complexity to the cert signing process. I just need to sign a cert without the FreeIPA overhead.

I tried to get to the Dogtag web UI through the url http://ipa.example.com/ca/ee/ca but I get an unauthenticated web page (no password prompt) and broken image links. This tells me that perhaps the Dogtag UI in a FreeIPA installation is not meant to be used without FreeIPA. Is that correct?

I know this is a weird use case and not necessarily a FreeIPA problem but if someone could advise, I'd greatly appreciate it.

For now you should use Dogtag by itself for this use case without IPA.
We are working on making it easier for this use case to be possible via IPA but it is not there yet.


Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to