[Freeipa-users] Exporting a PEM Certificate for OpenStack Keystone

[Justin Brown]

Hi,

I'm having some trouble understanding certificates in general and service
certificates in FreeIPA.

Keystone if the authentication layer for OpenStack, and I'm trying to get
it setup to integrate with the certificates in my FreeIPA domain.

By default, Keystone setups up a self-signed CA based on settings an
openssl.conf.

I would like to use a FreeIPA service certificate to sign tokens for
Keystone.

I have Keystone at keystone.cloud.fandingo.org and install with the FreeIPA
client.

I setup a service, HTTP/keystone.cloud.fandingo.org. Then, I create a CSR
and private key using OpenSSL. Lastly, I copy  the CSR into FreeIPA and
generate the certificate.

 I just need to get the signed certificate out of FreeIPA in some way.
However, I can't for the life of me figure out what format the certificate
is. It's not PEM or any of the PKCS versions that I'm familiar with because
there are no header or footer lines. It doesn't appear to be DER because
OpenSSL refuses to process it as such.

What is the format of this certificate?

Thanks,
Justin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130721/bd3b30ac/attachment.htm>