[Freeipa-users] Redhat IPA as a SSL CA

Arthur Faizullin arthur at deus.pro
Wed Oct 16 05:20:43 UTC 2013


Is it
http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
about the same?

On Fri, 19/07/2013 at 10:56 +0530, M.R Niranjan wrote:
> On 07/19/2013 06:57 AM, craig.freeipa at noboost.org wrote:
> > Hi,
> > 
> > I've been using Redhat IPA 2.2 as our internal CA quite successfully
> > for a while and managing it from the IPA management website.
> > 
> > I'm struggling to find precise information about the SSL certs and
> > management at a CLI level.
> > 
> > 1) Can I submit SSL CSR via cli?
> Yes, you could, using the ipa cert-request command.
> 
> Example:
> 
> 1. Add the host for which you are generating request.
> 
> # ipa host-add webserver1.example.org
> 
> 2. Create a CSR (i.e. a private key and certificate request, using the openssl
> command)
> 
> 	A. Generate private key:
> 
> 	[root@test1 certs]# openssl genrsa 1024 > server.key
> 
> 	B. Generate CSR:
> 
> 	[root@test1 certs]# openssl req -new -key server.key -out server.csr
> 
> 3. Submit the certificate request:
> 
> # ipa cert-request /etc/pki/tls/certs/server.csr
> 
> 4. Get the signed certificate out using the ipa cert-show command
> 
> Example:
> [root@test1 certs]# ipa cert-show 12 --out=/etc/pki/tls/certs/server.crt
> 
> > 2) Where are the approved client SSL certs kept in IPA?
> > 
> 
> They are stored in Directory Server in 2 places
> 
> 1. Domain Suffix tree
> dn:fqdn=webserver1.example.org,cn=computers,cn=accounts,dc=example,dc=org
> 
> 2. CA store in DS. The Certificate System of IPA stores the certificate in its
> LDAP store (ou=certificateRepository,ou=ca,o=ipaca)
> 
> 
> > 
> > cya
> > 
> > Craig
> > 
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > 
> 
> 
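
The CLI steps quoted above, as an added shell example that is not part of the original thread: it builds the key and CSR non-interactively and checks the CSR (self-signature, CN equal to the host's FQDN, minimum key size) before the file is passed to `ipa cert-request`. The function names, the use of `-subj` and the 2048-bit default are assumptions of this example; the quoted commands use a 1024-bit key and an interactive `openssl req`.

```shell
#!/bin/sh
# Added example, not from the thread. Host name and paths are constructed.

# make_csr HOST DIR [BITS]: write DIR/server.key and DIR/server.csr.
make_csr() {
    host=$1; dir=$2; bits=${3:-2048}   # 2048-bit default is an assumption
    (
        umask 077                      # private key readable by owner only
        openssl genrsa -out "$dir/server.key" "$bits" 2>/dev/null
    ) || return 1
    # -subj makes the request non-interactive; the CN is the host's FQDN.
    openssl req -new -key "$dir/server.key" -subj "/CN=$host" \
        -out "$dir/server.csr"
}

# csr_cn CSR: print the subject commonName of the request.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# csr_bits CSR: print the public key size in bits.
csr_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: *(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# check_csr CSR HOST [MIN_BITS]: 0 = ok, 1 = bad self-signature,
# 2 = CN does not match HOST, 3 = key shorter than MIN_BITS.
check_csr() {
    csr=$1; host=$2; min=${3:-2048}
    # Match on the message rather than relying on the exit status alone.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    [ "$(csr_cn "$csr")" = "$host" ] || return 2
    bits=$(csr_bits "$csr")
    [ -n "$bits" ] && [ "$bits" -ge "$min" ] || return 3
}

# Intended use on an enrolled IPA client (ipa commands as quoted in the thread):
#   ipa host-add webserver1.example.org
#   make_csr webserver1.example.org /etc/pki/tls/certs &&
#   check_csr /etc/pki/tls/certs/server.csr webserver1.example.org &&
#   ipa cert-request /etc/pki/tls/certs/server.csr
```
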
