[Freeipa-users] Certs.

Walid walid.shaari at gmail.com
Tue Sep 16 16:40:03 UTC 2014


Hi Dmitri,

I am interested in the renewal process: how would that happen for clients,
and when would it happen?

On 11 September 2014 03:01, Dmitri Pal <dpal at redhat.com> wrote:

> On 09/10/2014 07:57 PM, William Graboyes wrote:
>
>> Hi Dmitri,
>>
>> Production Environment is going to be RH 6.5. We are still evaluating
>> the usage of systemd. More like we are taking a wait and see approach
>> to systemd, while actively testing it.
>>
> The command line options for chaining are there from day one.
> So you would need to chain your production environment when you deploy it.
> In future when you migrate to later versions (in a couple of years or so)
> you will be able to change the chaining using the new tools. Right now it
> is a very hard multi-step manual procedure. This is why we developed the
> tool.
> But you should be all set for now. You would not need to change anything
> for several years.
>
> Thanks
> Dmitri
>
>
>
>  Thanks,
>> Bill
>>
>> On Wed Sep 10 16:49:24 2014, Dmitri Pal wrote:
>>
>>> On 09/10/2014 07:26 PM, William Graboyes wrote:
>>>
>>>> Hi Chris,
>>>>
>>>> Thank you for the suggestion. Looking at
>>>> http://www.redhat.com/archives/freeipa-users/2014-August/msg00334.html
>>>>
>>>> Installing a new, third party cert requires a reinstall of IPA?  IPA
>>>> Devs, that is a bit silly don't you think?  A year or two in the cert
>>>> expires, now you have to start from scratch?  I will wait for some form
>>>> of response before I attempt at eating crow in front of management.
>>>>
>>>> I forgot to mention, free-ipa version ipa-server-3.0.0-37.el6.x86_64.
>>>>
>>> Since 3.0 internal certs are issued for 2 years and are renewed
>>> automatically. The root cert is valid for more than two years (AFAIR
>>> it is 20).
>>>
>>>
>>>
>>>
>>>>
>>>> On Wed Sep 10 15:55:56 2014, Chris Whittle wrote:
>>>>
>>>>> Search the list for a post by me and certs...  Basically there is an
>>>>> install
>>>>> flag that will do all the work for you once you have the cert in the
>>>>> right format.
>>>>> On Sep 10, 2014 5:53 PM, "William Graboyes" <wgraboyes at cenic.org>
>>>>> wrote:
>>>>>
>>>>> Hello list,
>>>>>
>>>>> I have been fruitlessly searching for some information, especially
>>>>> related to Certs, namely how to replace the self signed certs with
>>>>> certs from a trusted CA?  As we are moving forward into
>>>>> productionizing of our free-ipa install, I am finding information on
>>>>> the net to be a bit lacking.  There is also the possibility that I am
>>>>> not looking in the right places, or using the correct search terms.
>>>>> Any help on this front would be greatly appreciated.
>>>>>
>>>>> Thanks,
>>>>> Bill
>>>>>
>>>>>
>>>>>  --
>>>>>> Manage your subscription for the Freeipa-users mailing list:
>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>> Go To http://freeipa.org for more info on the project
>>>>>>
>>>>>>
>>
>>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>