Re: [Freeipa-users] User certificates with FreeIPA and another question.

I actually think I can get this going at this time if I can just figure out how to submit a subca csr to dogtag, sign it, and acquire it. Documentation on that seems to be hard to come by, but I'm digging to avoid eating up this thread (and trying to RTFM where possible). I still stand by my reque

Re: [Freeipa-users] User certificates with FreeIPA and another question.

Would anyone happen to have any guides on how one could get through this process? I'm a one-man IT shop at the moment, so I'm building up a tremendous amount of infrastructure at once. I'm thinking that the option of creating a subCA with something simple like openssl would be the best option, bu

Re: [Freeipa-users] User certificates with FreeIPA and another question.

On 02/06/2015 10:38 AM, Natxo Asenjo wrote: On Fri, Feb 6, 2015 at 3:30 PM, Martin Kosek > wrote: On 02/06/2015 12:53 AM, Christopher Young wrote: > Obvious next question: Any plans to implement that functionality or advice > on how one might get some l

Re: [Freeipa-users] User certificates with FreeIPA and another question.

On Fri, Feb 06, 2015 at 03:30:34PM +0100, Martin Kosek wrote: > On 02/06/2015 12:53 AM, Christopher Young wrote: > > Obvious next question: Any plans to implement that functionality or advice > > on how one might get some level of functionality for this? Would it be > > possible to create another

Re: [Freeipa-users] User certificates with FreeIPA and another question.

On Fri, Feb 6, 2015 at 3:30 PM, Martin Kosek wrote: > On 02/06/2015 12:53 AM, Christopher Young wrote: > > Obvious next question: Any plans to implement that functionality or > advice > > on how one might get some level of functionality for this? Would it be > > possible to create another comma

Re: [Freeipa-users] User certificates with FreeIPA and another question.

On 02/06/2015 12:53 AM, Christopher Young wrote: > Obvious next question: Any plans to implement that functionality or advice > on how one might get some level of functionality for this? Would it be > possible to create another command-line based openssl CA that could issue > these but using IPA

Re: [Freeipa-users] User certificates with FreeIPA and another question.

Obvious next question: Any plans to implement that functionality or advice on how one might get some level of functionality for this? Would it be possible to create another command-line based openssl CA that could issue these but using IPA as the root CA for those? I'm just trying to provide a s

Re: [Freeipa-users] User certificates with FreeIPA and another question.

Christopher Young wrote: > Some of this might be rudimentary, so I apologize if this is answered > somewhere, though I've tried to search and have not had much luck... > > Basically, I would like to be able to issue user certificates (Subject: > email=sblblabla@blabla.local) in order to use clien

[Freeipa-users] User certificates with FreeIPA and another question.

Some of this might be rudimentary, so I apologize if this is answered somewhere, though I've tried to search and have not had much luck... Basically, I would like to be able to issue user certificates (Subject: email=sblblabla@blabla.local) in order to use client SSL security on some things. I'm