Re: [Freeipa-users] Wildcard SSL
On 16.9.2013 01:20, Andrew Lau wrote: On Mon, Sep 16, 2013 at 4:23 AM, Dmitri Pal d...@redhat.com mailto:d...@redhat.com wrote: On 09/14/2013 04:00 AM, Andrew Lau wrote: Hi, I have a reverse proxy infront of many of my hosts, each of the virtual hosts have their own SSL cert, currently with FreeIPA I'm adding hosts for each virtual host and then creating a cert. From what I've found, it doesn't seem to be possible to do a wildcard ssl through FreeIPA, I tried exporting the ca root private key to manually sign a wildcard cert with no success. I may have done that wrong. Any suggestions? Is this what you are looking for? https://fedorahosted.org/freeipa/ticket/3475 It is currently on a distant roadmap but help always welcome. Thanks, Andrew ___ Freeipa-users mailing list Freeipa-users@redhat.com mailto:Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ http://www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com mailto:Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users Yeah. Is there any way of manually doing that now by pulling the root ca and key out to sign a cert? You can do it manually via Dogtag. First, import the client cert from /root/ca-agent.p12 found on your IPA server to your web browser. Then, navigate your web browser to https://ipaserver:8443/ca/ee/ca/profileSelect?profileId=caServerCert, paste the wildcard CSR in the form and submit it. Then, navigate your web browser to https://ipaserver:8443/ca/agent/ca/listRequests.html, find your request and approve it. This should give you the signed certificate. Honza -- Jan Cholasta ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Wildcard SSL
On 09/14/2013 04:00 AM, Andrew Lau wrote: Hi, I have a reverse proxy infront of many of my hosts, each of the virtual hosts have their own SSL cert, currently with FreeIPA I'm adding hosts for each virtual host and then creating a cert. From what I've found, it doesn't seem to be possible to do a wildcard ssl through FreeIPA, I tried exporting the ca root private key to manually sign a wildcard cert with no success. I may have done that wrong. Any suggestions? Is this what you are looking for? https://fedorahosted.org/freeipa/ticket/3475 It is currently on a distant roadmap but help always welcome. Thanks, Andrew ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Wildcard SSL
On Mon, Sep 16, 2013 at 4:23 AM, Dmitri Pal d...@redhat.com wrote: On 09/14/2013 04:00 AM, Andrew Lau wrote: Hi, I have a reverse proxy infront of many of my hosts, each of the virtual hosts have their own SSL cert, currently with FreeIPA I'm adding hosts for each virtual host and then creating a cert. From what I've found, it doesn't seem to be possible to do a wildcard ssl through FreeIPA, I tried exporting the ca root private key to manually sign a wildcard cert with no success. I may have done that wrong. Any suggestions? Is this what you are looking for? https://fedorahosted.org/freeipa/ticket/3475 It is currently on a distant roadmap but help always welcome. Thanks, Andrew ___ Freeipa-users mailing listFreeipa-users@redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs?www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users Yeah. Is there any way of manually doing that now by pulling the root ca and key out to sign a cert? ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users