Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP (again) (SOLVED)

2016-07-06 Thread Bjarne Blichfeldt
Following this thread from January: https://www.redhat.com/archives/freeipa-users/2016-January/msg00223.html I am trying to accomplish the same, but seem to be stuck. My environment is: # cat /etc/redhat

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP (again)

2016-06-23 Thread Bjarne Blichfeldt
Following this thread from January: https://www.redhat.com/archives/freeipa-users/2016-January/msg00223.html I am trying to accomplish the same, but seem to be stuck. My environment is: # cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.2 (Maipo) # ipa ping

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-04-26 Thread Bjarne Blichfeldt
This is a follow-up to https://www.redhat.com/archives/freeipa-users/2016-January/msg00023.html From: Jan Cholasta Peter Pakos , freeipa-users redhat com My question is, what is the correct way of installing a 3rd party certificate for HTTP/LDAP that will

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-01-24 Thread Peter Pakos
Hi, I now have 3rd party SSL certificate successfully installed for LDAP and HTTP but I'm having issues with joining new clients to FreeIPA servers. When I run "ipa-client-install --mkhomedir" on a CentOS 6 machine I get the following error: "Joining realm failed: libcurl failed to execute

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-01-18 Thread Jan Cholasta
On 18.1.2016 09:07, Martin Kosek wrote: On 01/15/2016 05:34 PM, Peter Pakos wrote: On 15/01/2016 15:55, Rob Crittenden wrote: I've re-run ipa-certupdate in verbose mode and I could see that it removes all certificates in different databases (/etc/httpd/alias, /etc/pki/nssdb,

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-01-18 Thread Martin Kosek
On 01/15/2016 05:34 PM, Peter Pakos wrote: > On 15/01/2016 15:55, Rob Crittenden wrote: >>> I've re-run ipa-certupdate in verbose mode and I could see that it >>> removes all certificates in different databases (/etc/httpd/alias, >>> /etc/pki/nssdb, /etc/pki/pki-tomcat/alias) and then re-adds them

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-01-18 Thread Peter Pakos
On 18/01/2016 08:15, Jan Cholasta wrote: CCing Honza. Do we have all the respective tickets filed, so that we can improve and speed up the user experience? There's for automatic CA certificate distribution and

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-01-15 Thread Rob Crittenden
Peter Pakos wrote: > On 14/01/2016 18:51, Rob Crittenden wrote: >> You need to add the new root certs to the pki NSS database. > > As far as I can see those 3 new CA certs are already in the database > (unless you're talking about a different db): > > $ certutil -d /etc/pki/nssdb/ -L > >

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-01-15 Thread Peter Pakos
On 15/01/2016 15:04, Rob Crittenden wrote: Discussed in IRC last night but for the sake of history, he needed to add the CA's to the dogtag NSS database in /var/lib/pki/pki-tomcat/alias/ with a trust of C,,. Yes, I added new root certificates to /etc/pki/pki-tomcat/alias and I was able to

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-01-15 Thread Rob Crittenden
Peter Pakos wrote: > On 15/01/2016 15:04, Rob Crittenden wrote: >> Discussed in IRC last night but for the sake of history, he needed to >> add the CA's to the dogtag NSS database in >> /var/lib/pki/pki-tomcat/alias/ with a trust of C,,. > > Yes, I added new root certificates to

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-01-15 Thread Peter Pakos
On 15/01/2016 15:55, Rob Crittenden wrote: I've re-run ipa-certupdate in verbose mode and I could see that it removes all certificates in different databases (/etc/httpd/alias, /etc/pki/nssdb, /etc/pki/pki-tomcat/alias) and then re-adds them (apart from /etc/pki/pki-tomcat/alias). Yup, looks

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-01-14 Thread Peter Pakos
On 04/01/2016 12:44, Jan Cholasta wrote: 1. Install the CA certificate chain of the issuer of the 3rd party certificate to IPA using "ipa-cacert-manage install" I have a wildcard SSL certificate from Gandi, the whole certificate chain looks like this: AddTrust.pem ->

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-01-14 Thread Peter Pakos
On 14/01/2016 18:51, Rob Crittenden wrote: You need to add the new root certs to the pki NSS database. As far as I can see those 3 new CA certs are already in the database (unless you're talking about a different db): $ certutil -d /etc/pki/nssdb/ -L Certificate Nickname

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-01-10 Thread Petr Spacek
On 10.1.2016 22:21, Peter Pakos wrote: > On 04/01/2016 12:44, Jan Cholasta wrote: >>> My question is, what is the correct way of installing a 3rd party >>> certificate for HTTP/LDAP that will actually work? >> >> 1. Install the CA certificate chain of the issuer of the 3rd party >> certificate to

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-01-10 Thread Peter Pakos
On 04/01/2016 12:44, Jan Cholasta wrote: My question is, what is the correct way of installing a 3rd party certificate for HTTP/LDAP that will actually work? 1. Install the CA certificate chain of the issuer of the 3rd party certificate to IPA using "ipa-cacert-manage install" 2. Run

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-01-04 Thread Jan Cholasta
Hi Peter, On 21.12.2015 17:43, Peter Pakos wrote: Hi, I tried to install a wildcard SSL certificate for HTTP/LDAP in our FreeIPA 4.1 (CentOS 7.1) installation by following instructions from wiki page at http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP: Unfortunately

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-01-04 Thread Peter Pakos
Hi Jan, On 04/01/2016 12:44, Jan Cholasta wrote: 1. Install the CA certificate chain of the issuer of the 3rd party certificate to IPA using "ipa-cacert-manage install" 2. Run "ipa-certupdate" to update CA certificate related IPA configuration. 3. Manually import the server certificate

Re: [Freeipa-users] Using 3rd party certificates for HTTP/LDAP

2016-01-04 Thread Jan Cholasta
On 4.1.2016 14:10, Peter Pakos wrote: Hi Jan, On 04/01/2016 12:44, Jan Cholasta wrote: 1. Install the CA certificate chain of the issuer of the 3rd party certificate to IPA using "ipa-cacert-manage install" 2. Run "ipa-certupdate" to update CA certificate related IPA configuration. 3.