[Freeipa-users] Re: Retrieve private key from CA chain
Sam Klein via FreeIPA-users wrote: > Hi Rob, > >> Need more context on what you're trying to do. > > I hope to use a key to identify each endpoint for a Cisco Identity Services > Engine. > > To do so, I need a private key. > > My hope was that IdM could automate this for me with a CA chain. > > Does this context help? So you need to generate certificate for the Cisco server. You need to generate your own private key and a CSR from that and submit it to IPA to issue the certificate. A certificate in IPA must be associated with an entry (host or service). So you'll need to create a host or service for the Cisco device and request the certificate against that host/service. rob ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: Retrieve private key from CA chain
Hi Rob, > Need more context on what you're trying to do. I hope to use a key to identify each endpoint for a Cisco Identity Services Engine. To do so, I need a private key. My hope was that IdM could automate this for me with a CA chain. Does this context help? Sam ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: Retrieve private key from CA chain
Sam Klein via FreeIPA-users wrote: > Using certutil, I'm able to extract my localhost CA using this command. > > certutils -L -d dbm:/etc/ipa/nssdb -a -n 'Local IPA host' > > However, I need a signing key to create a private key. Is there a method to > extract a private key that signed my localhost CA from the endpoint, or does > this key exist on my server? Need more context on what you're trying to do. You shouldn't need direct access to the CA private key. rob ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org