[Freeipa-users] question about generating certificates

Arthur Faizullin arthur at deus.pro
Wed Nov 6 08:16:18 UTC 2013


Hi, everyone!
I feel very uncomfortable asking this question, since I usually
find the documentation easy to understand & read. (Thanks for that!)
But there is one point that I could not understand.
That point is generating certificates using the IPA CA.
I have read about this:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/request-service-service.html
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/certmongerX.html
https://git.fedorahosted.org/cgit/certmonger.git/tree/doc/getting-started.txt
but I did not get the point! :(
So, I have built a test environment as shown in the attached document; if you
need details, you may look at it.
In short, I have 2 servers:
1. IPA-server:        ipaserver.example.com
2. PostgreSQL-server: postgresql.example.com
PostgreSQL was chosen as an example (neither bad nor good),
and I try to generate a key & certificate:

$ sudo ipa-getcert request -f /home/tuser/server.crt \
    -k /home/tuser/server.key -K postgresql/postgresql.example.com \
    -N CN=postgresql.example.com -D postgresql.example.com

I get this answer:

New signing request "20131106075356" added.

But what do I do with this answer? I can get the list of requests, but that
does not make it any clearer:

$ ipa-getcert list
Error connecting to DBus.
Please verify that the message bus (D-Bus) service is running.
[tuser@postgresql ~]$ sudo ipa-getcert list
Number of certificates and requests being tracked: 2.
Request ID '20131101115647':
	status: MONITORING
	stuck: no
	key pair storage: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate - postgresql.example.com',token='NSS Certificate DB'
	certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate - postgresql.example.com',token='NSS Certificate DB'
	CA: IPA
	issuer: CN=Certificate Authority,O=EXAMPLE.COM
	subject: CN=postgresql.example.com,O=EXAMPLE.COM
	expires: 2015-11-02 11:56:48 UTC
	eku: id-kp-serverAuth,id-kp-clientAuth
	pre-save command: 
	post-save command: 
	track: yes
	auto-renew: yes
Request ID '20131106075356':
	status: NEED_KEY_PAIR
	stuck: no
	key pair storage: type=FILE,location='/home/tuser/server.key'
	certificate: type=FILE,location='/home/tuser/server.crt'
	CA: IPA
	issuer: 
	subject: 
	expires: unknown
	pre-save command: 
	post-save command: 
	track: yes
	auto-renew: yes

______________________________
Best regards, Arthur Fayzullin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IPASSLCA.pdf
Type: application/pdf
Size: 147674 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20131106/38162de3/attachment.pdf>
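
The `ipa-getcert list` output quoted in the post above, read by a small parser that flags tracked requests which are stuck, have not reached MONITORING, or are close to expiry. This is an added example, not part of the original post and not certmonger's own code; the function names, the 30-day threshold and the embedded sample are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample, modelled on the `ipa-getcert list` output quoted in the post.
SAMPLE = """\
Number of certificates and requests being tracked: 2.
Request ID '20131101115647':
\tstatus: MONITORING
\tstuck: no
\tcertificate: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate - postgresql.example.com',token='NSS Certificate DB'
\texpires: 2015-11-02 11:56:48 UTC
Request ID '20131106075356':
\tstatus: NEED_KEY_PAIR
\tstuck: no
\tcertificate: type=FILE,location='/home/tuser/server.crt'
\texpires: unknown
"""

def parse_requests(text):
    """Split the listing into one dict per "Request ID" block."""
    requests, current = [], None
    for line in text.splitlines():
        header = re.match(r"Request ID '([^']+)':", line)
        if header:
            current = {"id": header.group(1)}
            requests.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key.strip()] = value.strip()
    return requests

def needs_attention(req, now, warn_days=30):
    """Return a reason string for a request an admin should look at, else None."""
    if req.get("stuck") == "yes":
        return "stuck in status %s" % req.get("status")
    if req.get("status") != "MONITORING":
        return "status is %s, not MONITORING" % req.get("status")
    try:  # assumption: expiry is always printed as in the post, in UTC
        expires = datetime.strptime(req.get("expires", ""), "%Y-%m-%d %H:%M:%S UTC")
    except ValueError:
        return "expiry date not readable: %r" % req.get("expires")
    days_left = (expires.replace(tzinfo=timezone.utc) - now).days
    if days_left >= warn_days:
        return None
    return "expired" if days_left < 0 else "expires in %d days" % days_left

def report(text, now, warn_days=30):
    """Map each request ID to its finding (None means healthy)."""
    return {r["id"]: needs_attention(r, now, warn_days) for r in parse_requests(text)}

if __name__ == "__main__":
    for req_id, finding in report(SAMPLE, datetime.now(timezone.utc)).items():
        print(req_id, "->", finding or "ok")
```

On a real host the text would come from `sudo ipa-getcert list` instead of `SAMPLE`.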

