Re: [Freeipa-users] Wildcard SSL

2013-09-23 Thread Jan Cholasta

On 16.9.2013 01:20, Andrew Lau wrote:


On Mon, Sep 16, 2013 at 4:23 AM, Dmitri Pal d...@redhat.com wrote:

On 09/14/2013 04:00 AM, Andrew Lau wrote:

Hi,

I have a reverse proxy in front of many of my hosts, each of the
virtual hosts has its own SSL cert, currently with FreeIPA I'm
adding hosts for each virtual host and then creating a cert.

From what I've found, it doesn't seem to be possible to do a
wildcard ssl through FreeIPA, I tried exporting the ca root
private key to manually sign a wildcard cert with no success. I
may have done that wrong.

Any suggestions?


Is this what you are looking for?
https://fedorahosted.org/freeipa/ticket/3475

It is currently on a distant roadmap but help always welcome.



Thanks,
Andrew


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/





Yeah.

Is there any way of manually doing that now by pulling the root ca and
key out to sign a cert?


You can do it manually via Dogtag.

First, import the client cert from /root/ca-agent.p12 found on your IPA 
server to your web browser.


Then, navigate your web browser to 
https://ipaserver:8443/ca/ee/ca/profileSelect?profileId=caServerCert, 
paste the wildcard CSR in the form and submit it.


Then, navigate your web browser to 
https://ipaserver:8443/ca/agent/ca/listRequests.html, find your request 
and approve it. This should give you the signed certificate.


Honza

--
Jan Cholasta
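
For the "paste the wildcard CSR" step in the reply above, an added example (not part of the original thread) of generating a wildcard CSR with openssl and checking it before it is submitted to the CA. The domain example.test, the file names and both function names are assumptions; the thread does not say whether the issuing profile copies the SAN extension into the certificate.

```shell
#!/bin/sh
# Added example. example.test, file names and function names are assumptions.

# make_wildcard_csr DOMAIN OUTDIR: write OUTDIR/wildcard.key and wildcard.csr.
# Runs in a subshell so the restrictive umask does not leak to the caller.
make_wildcard_csr() (
    domain=$1; outdir=$2
    umask 077    # key and working files readable by the owner only
    mkdir -p "$outdir" || exit 1
    cat > "$outdir/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = *.$domain
[ext]
subjectAltName = DNS:*.$domain
EOF
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$outdir/req.cnf" \
        -keyout "$outdir/wildcard.key" -out "$outdir/wildcard.csr" 2>/dev/null
)

# check_wildcard_csr CSR DOMAIN: succeed only if the CSR's self-signature
# verifies, its subject is CN=*.DOMAIN, and its SAN lists DNS:*.DOMAIN.
check_wildcard_csr() {
    csr=$1; domain=$2
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    subj=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 | tr -d ' ')
    case $subj in
        *"=CN=*.$domain") ;;
        *) return 1 ;;
    esac
    openssl req -in "$csr" -noout -text | grep -Fq "DNS:*.$domain"
}
```

Only the contents of wildcard.csr go into the enrollment form; wildcard.key stays on the reverse proxy.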



Re: [Freeipa-users] Wildcard SSL

2013-09-15 Thread Dmitri Pal
On 09/14/2013 04:00 AM, Andrew Lau wrote:
 Hi,

 I have a reverse proxy in front of many of my hosts, each of the
 virtual hosts has its own SSL cert, currently with FreeIPA I'm
 adding hosts for each virtual host and then creating a cert.

 From what I've found, it doesn't seem to be possible to do a wildcard
 ssl through FreeIPA, I tried exporting the ca root private key to
 manually sign a wildcard cert with no success. I may have done that wrong.

 Any suggestions?

Is this what you are looking for?
https://fedorahosted.org/freeipa/ticket/3475

It is currently on a distant roadmap but help always welcome.


 Thanks,
 Andrew




-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.






Re: [Freeipa-users] Wildcard SSL

2013-09-15 Thread Andrew Lau
On Mon, Sep 16, 2013 at 4:23 AM, Dmitri Pal d...@redhat.com wrote:

  On 09/14/2013 04:00 AM, Andrew Lau wrote:

  Hi,

  I have a reverse proxy in front of many of my hosts, each of the virtual
 hosts has its own SSL cert, currently with FreeIPA I'm adding hosts for
 each virtual host and then creating a cert.

  From what I've found, it doesn't seem to be possible to do a wildcard
 ssl through FreeIPA, I tried exporting the ca root private key to manually
 sign a wildcard cert with no success. I may have done that wrong.

  Any suggestions?


 Is this what you are looking for?
 https://fedorahosted.org/freeipa/ticket/3475

 It is currently on a distant roadmap but help always welcome.


  Thanks,
 Andrew





 --
 Thank you,
 Dmitri Pal

 Sr. Engineering Manager for IdM portfolio
 Red Hat Inc.






Yeah.

Is there any way of manually doing that now by pulling the root ca and key
out to sign a cert?