[Freeipa-users] Certs.
Dmitri Pal
dpal at redhat.com
Wed Sep 10 23:47:37 UTC 2014
On 09/10/2014 06:50 PM, William Graboyes wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hello list,
>
> I have been fruitlessly searching for some information, especially
> related to Certs, namely how to replace the self signed certs with
> certs from a trusted CA?
This is an install time decision so when you deploy a new production
environment you will need to use the ipa-server-install with the related
arguments to do the chaining.
> As we are moving forward into
> productionizing of our free-ipa install, I am finding information on
> the net to be a bit lacking. There is also the possibility that I am
> not looking in the right places, or using the correct search terms.
> Any help on this front would be greatly appreciated.
The ability to replace the cert from being a self signed to a chained is
a feature that is coming in IPA 4.1
The design page is here:
http://www.freeipa.org/page/V4/CA_certificate_renewal
What distro are you planning to use? It is considered for the next
release of RHEL.
>
> Thanks,
> Bill
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
> Comment: GPGTools - https://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCgAGBQJUENXDAAoJEJFMz73A1+zr5vQP/1Zt7S+5C+B+dgzI1UJWgxGj
> KGh3pvn0zmp3Ge6zCtQ6Is+jQRTZPp4xH8sW1KMdfmBD1l9qcf3GgqH529UHfe5X
> DGl8xC1h+yKr8DUm0ckl5fCcs9bpyjXIisCJzBB31ne4wsveeEQN0tVhsYvZ+zH3
> 98j/uRpnXEnDGOJq1e1h5bkHPTTTDgBSUVD1+oLKg4LxYaacbU4q85BVXBAB73SX
> NunN8snqZ0fVVPMAz4ejd5kIhU+RCfIkzVuP+V2/9W/iLs2bte3eV1h/ppweuI7x
> CRSEi/UPEC+cG0pF8ImodSN70nG0bjqDf95eg9VnAHXQXlY83dIOm5M9SkeiQEdP
> bWmKEE4kejEewBJtkCIR3ldckVAU+x4xLTk3tpSi6rZwdDNBC+E4m9PXhMpT2hFW
> 3QlxaMDlXjKFEgv9c36NR5sNs4YY7cOLAbaGaFcuiBQcsjXk6A2I/u6C5RQkhFpq
> Eqhgz/5Ow+oRAHvE/mhORORHaweCcZbR5oMNeQS8Tanju/1VcDtYy12+1U1QX1vY
> 1nUaTtAsPflYyJSudrFclLZFw4YaC4d5SoSnN+LDiOcmpz2AIfHlmwc2AMZW/c2G
> nHcbSw0JNrfS1bHK6H9AO6q2LORWji8Usf3xTcZba+vC3eD/v0UPmISUW1kVWdKh
> Jrc6QM2LipgK5KmpjTKa
> =t75e
> -----END PGP SIGNATURE-----
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
More information about the Freeipa-users
mailing list