Looking at migrating from a hodgepodge of 389 DS, kerberos-ldap, and custom built things that manage our PKI and so on, to FreeIPA (which looks like it can probably cover all our needs), and had a couple of SSL related questions.
1) It looks like improvements are proposed for being able to generate certificates from the web UI : https://www.freeipa.org/page/V4/Automatic_Certificate_Request_Generation#FreeIPA_Web_UI Does anyone know the status of such plans? I see some work was done over the past year but I haven't been able to find anything obviously related to adding such ability to the web UI. Having to use the command line tools is not the end of the world, but being able to do it from the web UI would make things easier sometimes ... I tried installing the latest release in a Fedora VM but didn't see any way to generate the CSR itself from the Web UI. 2) What is the correct / recommended way to issue certificates to users for use with OpenVPN? We would have both site to site VPNs which I assume would be issued similar to a regular service/web server SSL certificate, as well as certificates for individual users. Do we add the users laptops/workstations as hosts in FreeIPA and then issue regular certs for them that way, or is there a way to issue a cert for a user and tie it to their identity (versus their laptop/workstation 's identity) ? Also, is there a specific certificate 'profile' that should be used? Thanks in advance
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
