[Freeipa-users] Extract user's private key from IdM

2023-10-17 Thread HUANG, TONY via FreeIPA-users
Hi, I am trying to achieve user authentication against IdM using user's certificate. User certificate is requested to the built-in CA within IdM and signed by it. I am able to download the user's public cert via the web UI, but how can I download the private key so I can define it in user's

[Freeipa-users] Re: Extract user's private key from IdM

2023-10-17 Thread Rob Crittenden via FreeIPA-users
HUANG, TONY via FreeIPA-users wrote: > Hi, > > I am trying to achieve user authentication against IdM using user's > certificate. User certificate is requested to the built-in CA within IdM > and signed by it. > > I am able to download the user's public cert via the web UI, but how can > I

[Freeipa-users] Re: backup / restore

2023-10-17 Thread Frederic Ayrault via FreeIPA-users
Hello, On 16/10/2023 at 21:13, Frederic Ayrault wrote: Good evening, On 13/10/2023 at 22:20, Rob Crittenden via FreeIPA-users wrote: Frederic Ayrault via FreeIPA-users wrote: Done configuring certificate server (pki-tomcatd). ipaclient.install.ipa_certupdate: ERROR    failed to update

[Freeipa-users] Re: backup / restore

2023-10-17 Thread Rob Crittenden via FreeIPA-users
Frederic Ayrault wrote: > Hello, > > On 16/10/2023 at 21:13, Frederic Ayrault wrote: >> Good evening, >> >> >> On 13/10/2023 at 22:20, Rob Crittenden via FreeIPA-users wrote: >>> Frederic Ayrault via FreeIPA-users wrote: > Done configuring certificate server (pki-tomcatd). >

[Freeipa-users] Re: backup / restore

2023-10-17 Thread Frederic Ayrault via FreeIPA-users
On 17/10/2023 at 17:23, Rob Crittenden wrote: So if I've followed this thread correctly, what you're doing is: - Taking replica ipa3? and forcibly disconnecting it from an existing IPA installation This is just because my IPA is in production so I removed ipa3 for the tests - Trying to

[Freeipa-users] Current best practice: Backup/Restore?

2023-10-17 Thread Harry G Coin via FreeIPA-users
What's the 'current best practice' for what you might call a 'fully deployed' freeipa install (meaning one that uses DNSSEC and all the documented capability subsections)? From what I can tell, there are two approaches: Approach 1: Run it in a VM, then from time to time shut it down,

[Freeipa-users] Re: Extract user's private key from IdM

2023-10-17 Thread HUANG, TONY via FreeIPA-users
Hi Rob, The CSR is generated within the web UI by following this section "Web UI: Requesting new certificates" ( https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/certificates ) I am looking to perform an

[Freeipa-users] Re: Current best practice: Backup/Restore?

2023-10-17 Thread Harry G Coin via FreeIPA-users
Thanks Rob Replies to questions interposed below. On 10/17/23 11:53, Rob Crittenden wrote: Harry G Coin via FreeIPA-users wrote: What's the 'current best practice' for what you might call a 'fully deployed' freeipa install (meaning one that uses DNSSEC and all the documented capability

[Freeipa-users] Re: Current best practice: Backup/Restore?

2023-10-17 Thread Rob Crittenden via FreeIPA-users
Harry G Coin via FreeIPA-users wrote: > What's the 'current best practice' for what you might call a 'fully > deployed' freeipa install (meaning one that uses DNSSEC and all the > documented capability subsections)? > > From what I can tell, there are two approaches: > > Approach 1: Run it in a

[Freeipa-users] Re: Current best practice: Backup/Restore?

2023-10-17 Thread Christian Heimes via FreeIPA-users
On 17/10/2023 19.32, Harry G Coin via FreeIPA-users wrote: 'security' and 'other' seemingly 'unrelated'  'upgrades' to packages n levels deep but whose previously un-noticed freeipa killing race-condition or other bug manifests after the upgrade.  I find myself obligated to prevent any