[Freeipa-users] Re: CentOS 7 Letsencrypt CA

2017-05-25 Thread Fraser Tweedale via FreeIPA-users
On Thu, May 25, 2017 at 01:39:46PM +0200, Günther J. Niederwimmer via 
FreeIPA-users wrote:
> Hello,
> 
> after the mistake with Startcom CA (Class 3), I am now looking for a new
> certificate.
> 
> Is it possible and functional to install a Letsencrypt CA on an IPA-Server?
> 
> I have found a script on "github" to install a Letsencrypt CA for FreeIPA
> (fedora), but can anyone tell me whether this works with CentOS 7.(3)?
> 
> Thanks for an answer,
> 
Hi,

Let's Encrypt is a trusted public CA; you can only acquire leaf
certificates for TLS servers from Let's Encrypt.  You cannot acquire
a CA certificate from Let's Encrypt.

The script you found must be for acquiring service certificates from
Let's Encrypt, for IPA-enrolled hosts/services.  I do not know if it
works with CentOS 7, but if it works with FreeIPA 4.x on Fedora, it
will probably work with ipa-4.x on CentOS 7.

Thanks,
Fraser
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


[Freeipa-users] Re: CentOS 7 Letsencrypt CA

2017-05-25 Thread Bitskrieg via FreeIPA-users

Günther,

The script from github works fine 
(https://github.com/freeipa/freeipa-letsencrypt).  We use it in production 
on CentOS 7.  Keep in mind the script will only configure the 
certificate for the web UI, and not LDAP/s.  You will need a separate 
process for that.


Chris




[Freeipa-users] Re: CentOS 7 Letsencrypt CA

2017-05-25 Thread John Keates via FreeIPA-users
Hi,

Instead of using the Let’s Encrypt thing on the IPA server itself, I often just 
use it on a reverse proxy. This way the end-users see the verified CA and 
FreeIPA can keep doing its business.
I tried to use ACME on the IPA server in the past, but it wasn’t very well 
integrated and caused problems. Since only web-facing elements benefit from 
external CA signed certificates (for users that access it but don’t have the CA 
on their machine), it doesn’t actually need to be integrated with the rest of 
IPA.

John
