[Freeipa-users] services and openSSL and stuff

Dmitri Pal dpal at redhat.com
Fri Apr 25 13:49:05 UTC 2014


On 04/25/2014 03:57 AM, Andrew Holway wrote:
>> What are the certs for?
> At the moment for a third party application however we would like to
> issue our own certs for everything SSL such as LDAPs or OpenVPN. It is
> quite a powerful feature to be able to install an organisation's root
> key on a client's machine and then be able to bosh out certs at will
> however I am still on an interesting journey understanding the
> specific implications of this for the various clients, operating
> systems and browsers.
>
> Thanks for the "certmonger" keyword :)

There are also some good docs and examples in the certmonger git repo in 
the docs folder and here:
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/certmongerX.html
Keep in mind that there are some limitations with what you want to 
accomplish.
We are aware of it and want to address it. We just did not have a chance 
to get our hands on it.
http://www.freeipa.org/page/V3/IPA_as_external_Puppet_CA

>
>> If they are for systems and services you might make your life simpler by
>> using certmonger on the system where your service will be running.
>> Assuming it is fedora, RHEL, CentOS and such (not sure about Debian and
>> Ubuntu, they might have certmonger too) you install ipa-client and it will
>> configure certmonger to use IPA. See certmonger man pages to get the certs
>> for the services.
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
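
Added example, not part of the original message and not taken from the certmonger docs: on an ipa-client enrolled host, one way to ask certmonger for a tracked service certificate from the IPA CA, plus a check that reads `getcert list` output and reports requests that are not being monitored cleanly. The function names, file paths and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/bash
# Request a certificate for service principal <svc>/<host> and let certmonger
# track and renew it. Run as root on an enrolled host; the service entry must
# already exist in IPA. The paths under /etc/pki/tls are assumed defaults.
request_service_cert() {
    svc=$1; host=$2; dir=${3:-/etc/pki/tls}
    ipa-getcert request \
        -f "$dir/certs/$svc.crt" \
        -k "$dir/private/$svc.key" \
        -N "CN=$host" -D "$host" -K "$svc/$host"
}

# Read `getcert list` output on stdin and print the ID of every request that
# needs attention: status other than MONITORING, or stuck: yes.
unhealthy_requests() {
    awk -v q="'" '
        /^Request ID/ {
            if (id != "" && bad) print id
            id = $3; gsub("[" q ":]", "", id); bad = 0; next
        }
        $1 == "status:" && $2 != "MONITORING" { bad = 1 }
        $1 == "stuck:"  && $2 == "yes"        { bad = 1 }
        END { if (id != "" && bad) print id }
    '
}

# Constructed sample in the layout `getcert list` prints (real output indents
# with tabs; request IDs and names here are made up).
sample_list() {
cat <<'EOF'
Request ID '20140425134905':
    status: MONITORING
    stuck: no
    CA: IPA
    subject: CN=app.example.com,O=EXAMPLE.COM
Request ID '20140425135012':
    status: CA_UNREACHABLE
    stuck: no
    CA: IPA
Request ID '20140425135130':
    status: NEED_GUIDANCE
    stuck: yes
    CA: IPA
EOF
}

# Offline demonstration on the sample; on a real host use:
#   ipa-getcert list | unhealthy_requests
sample_list | unhealthy_requests
```

A request that stays out of MONITORING will not be renewed automatically, so the second function is suited to a periodic check on each host.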
