Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?
On 05/19/2014 06:43 AM, Chris Whittle wrote: All I am trying to fix right now is so when the user comes to the web ui they have a valid cert. Then you need to put the IPA cert into the trusted cert store. Its location depends upon the version of the client system you are using. On May 19, 2014 2:01 AM, Martin Kosek mko...@redhat.com mailto:mko...@redhat.com wrote: On 05/17/2014 04:22 AM, Chris Whittle wrote: I have an existing key and crt that has be successfully installed on other subdomain servers... Where is the best place to start? To start what? :-) Without knowing what you want to achieve, I would like to point you to our training presentation describing different FreeIPA Certificate infrastructure integration procedures: http://www.freeipa.org/images/b/b3/FreeIPA33-blending-in-a-certificate-infrastructure.pdf I would like to especially point you to the CA-less integration type. HTH, Martin ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?
If anyone is looking for this check out http://stackoverflow.com/questions/23374894/mod-nss-with-apache-public-certificate-issue?noredirect=1#comment36504881_23374894 It worked great with the caveat or needing the NSS Database Password which was in /etc/httpd/alias/pwdfile.txt (per http://www.freeipa.org/page/V3/Drop_selfsign_functionality) Thanks On Mon, May 19, 2014 at 7:15 AM, Simo Sorce s...@redhat.com wrote: On Sun, 2014-05-18 at 20:58 -0500, Chris Whittle wrote: Actually is this it? http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP I think so, yeah. Simo. On Sun, May 18, 2014 at 8:31 PM, Chris Whittle cwhi...@gmail.com wrote: Thanks Simo, I'm finding a lot of posts on certs but none that really tells me what I need to do... Any more help would be extremely appreciated. On Sun, May 18, 2014 at 11:31 AM, Simo Sorce s...@redhat.com wrote: On Sat, 2014-05-17 at 13:26 -0500, Chris Whittle wrote: Let me be more specific... I just want to use my wildcard ssl for the UI so that it doesn't give an error we you access it, anyone done this before? I think this has been posted on the list already, however all you need to do is to replace the apache certs, they are in a nss database located in /etc/httpd/alias, you can use certutil to deal with the database. HTH, Simo. -- Simo Sorce * Red Hat, Inc * New York -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?
On 05/17/2014 04:22 AM, Chris Whittle wrote: I have an existing key and crt that has be successfully installed on other subdomain servers... Where is the best place to start? To start what? :-) Without knowing what you want to achieve, I would like to point you to our training presentation describing different FreeIPA Certificate infrastructure integration procedures: http://www.freeipa.org/images/b/b3/FreeIPA33-blending-in-a-certificate-infrastructure.pdf I would like to especially point you to the CA-less integration type. HTH, Martin ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?
All I am trying to fix right now is so when the user comes to the web ui they have a valid cert. On May 19, 2014 2:01 AM, Martin Kosek mko...@redhat.com wrote: On 05/17/2014 04:22 AM, Chris Whittle wrote: I have an existing key and crt that has be successfully installed on other subdomain servers... Where is the best place to start? To start what? :-) Without knowing what you want to achieve, I would like to point you to our training presentation describing different FreeIPA Certificate infrastructure integration procedures: http://www.freeipa.org/images/b/b3/FreeIPA33-blending-in-a-certificate-infrastructure.pdf I would like to especially point you to the CA-less integration type. HTH, Martin ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?
On Sun, 2014-05-18 at 20:58 -0500, Chris Whittle wrote: Actually is this it? http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP I think so, yeah. Simo. On Sun, May 18, 2014 at 8:31 PM, Chris Whittle cwhi...@gmail.com wrote: Thanks Simo, I'm finding a lot of posts on certs but none that really tells me what I need to do... Any more help would be extremely appreciated. On Sun, May 18, 2014 at 11:31 AM, Simo Sorce s...@redhat.com wrote: On Sat, 2014-05-17 at 13:26 -0500, Chris Whittle wrote: Let me be more specific... I just want to use my wildcard ssl for the UI so that it doesn't give an error we you access it, anyone done this before? I think this has been posted on the list already, however all you need to do is to replace the apache certs, they are in a nss database located in /etc/httpd/alias, you can use certutil to deal with the database. HTH, Simo. -- Simo Sorce * Red Hat, Inc * New York -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?
On Sat, 2014-05-17 at 13:26 -0500, Chris Whittle wrote: Let me be more specific... I just want to use my wildcard ssl for the UI so that it doesn't give an error we you access it, anyone done this before? I think this has been posted on the list already, however all you need to do is to replace the apache certs, they are in a nss database located in /etc/httpd/alias, you can use certutil to deal with the database. HTH, Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?
Thanks Simo, I'm finding a lot of posts on certs but none that really tells me what I need to do... Any more help would be extremely appreciated. On Sun, May 18, 2014 at 11:31 AM, Simo Sorce s...@redhat.com wrote: On Sat, 2014-05-17 at 13:26 -0500, Chris Whittle wrote: Let me be more specific... I just want to use my wildcard ssl for the UI so that it doesn't give an error we you access it, anyone done this before? I think this has been posted on the list already, however all you need to do is to replace the apache certs, they are in a nss database located in /etc/httpd/alias, you can use certutil to deal with the database. HTH, Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?
Actually is this it? http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP On Sun, May 18, 2014 at 8:31 PM, Chris Whittle cwhi...@gmail.com wrote: Thanks Simo, I'm finding a lot of posts on certs but none that really tells me what I need to do... Any more help would be extremely appreciated. On Sun, May 18, 2014 at 11:31 AM, Simo Sorce s...@redhat.com wrote: On Sat, 2014-05-17 at 13:26 -0500, Chris Whittle wrote: Let me be more specific... I just want to use my wildcard ssl for the UI so that it doesn't give an error we you access it, anyone done this before? I think this has been posted on the list already, however all you need to do is to replace the apache certs, they are in a nss database located in /etc/httpd/alias, you can use certutil to deal with the database. HTH, Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] Have existing wildcard SSL from RapidSSL how to implement?
Let me be more specific... I just want to use my wildcard ssl for the UI so that it doesn't give an error we you access it, anyone done this before? ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users