[Freeipa-users] Certs.
Rob Crittenden
rcritten at redhat.com
Tue Sep 16 17:13:53 UTC 2014
Walid wrote:
> Hi Dmitri,
>
> I am interested in the renewal process, how would that happen for
> clients, and when would it happen?
It depends on what scenario you're talking about (self-signed IPA cert,
IPA as subordinate, user-provided certificates), and what certs you mean.
rob
>
> On 11 September 2014 03:01, Dmitri Pal <dpal at redhat.com
> <mailto:dpal at redhat.com>> wrote:
>
> On 09/10/2014 07:57 PM, William Graboyes wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi Dmitri,
>
> Production Environment is going to be RH 6.5, We are still
> evaluating
> the usage of systemd. More like we are taking a wait and see
> approach
> to to systemd, while actively testing it.
>
> The command line options for chaining are there from day one.
> So you would need to chain your production environment when you
> deploy it.
> In future when you migrate to later versions (in couple of years or
> so) you will be able to change the chaining using the new tools.
> Right now it is a vary hard multi step manual procedure. This is why
> we developed the tool.
> But you should be all set for now. You would not need to change
> anything for several years.
>
> Thanks
> Dmitri
>
>
>
> Thanks,
> Bill
>
> On Wed Sep 10 16:49:24 2014, Dmitri Pal wrote:
>
> On 09/10/2014 07:26 PM, William Graboyes wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi Chris,
>
> Thank you for the suggestion. Looking at
> http://www.redhat.com/__archives/freeipa-users/2014-__August/msg00334.html
> <http://www.redhat.com/archives/freeipa-users/2014-August/msg00334.html>
>
> Installing a new, third party cert requires a reinstall
> of IPA? IPA
> Devs, that is a bit silly don't you think? A year or
> two in the cert
> expires, now you have to start from scratch? I will
> wait for some form
> of response before I attempt at eating crow in front of
> management.
>
> I forgot to mention, free-ipa version
> ipa-server-3.0.0-37.el6.x86___64.
>
> Since 3.0 internal certs are issued for 2 years and are renewed
> automatically. The root cert is valid for more than two
> years (AFAIR
> it is 20).
>
>
>
>
>
> On Wed Sep 10 15:55:56 2014, Chris Whittle wrote:
>
> Search the list for a post by me and certs...
> Basically there is a
> install
> flag that will do all the work for you once you have
> it the cert in the
> right format.
> On Sep 10, 2014 5:53 PM, "William Graboyes"
> <wgraboyes at cenic.org <mailto:wgraboyes at cenic.org>>
> wrote:
>
> ********* *BEGIN ENCRYPTED or SIGNED PART* *********
>
> Hello list,
>
> I have been fruitlessly searching for some
> information, especially
> related to Certs, namely how to replace the self
> signed certs with
> certs from a trusted CA? As we are moving forward into
> productionizing of our free-ipa install, I am
> finding information on
> the net to be a bit lacking. There is also the
> possibility that I am
> not looking in the right places, or using the
> correct search terms.
> Any help on this front would be greatly appreciated.
>
> Thanks,
> Bill
>
>
> ********** *END ENCRYPTED or SIGNED PART* **********
>
> --
> Manage your subscription for the Freeipa-users
> mailing list:
> https://www.redhat.com/__mailman/listinfo/freeipa-users
> <https://www.redhat.com/mailman/listinfo/freeipa-users>
> Go To http://freeipa.org for more info on the
> project
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
> Comment: GPGTools - https://gpgtools.org
> Comment: Using GnuPG with Thunderbird -
> http://www.enigmail.net/
>
> iQIcBAEBCgAGBQJUEN4JAAoJEJFMz7__3A1+zrjNAP/__1aZOjhp6c6JwWXUjBE4Pt4i
> u6Z1BRFNYgIc5/__aNsPAKrdzMqQgTjgWJvSh5UCON0Vdm__uIx7pQLP7nIlaCCXTRRK
> pKx2Cez5Ho7Lwlsb87WW3bzjcyKGX5__Wd3+__VJdQ6ugYJTpVS4gMxh8atZCV613EY6
> FuMk1RS6qlWM2Ut3SjmaAZK3jTw2pU__sJzW3zzB271i6sJqAMZTh7Lrie6QcG__qAON
> eLGlWBZuCaeULUuQmArVZiP3qPnH5N__uccvXLFVbX7D1+__SM8XeLWrTklN1bfX2HF0
> QCFlizb+bBga/__d5cEaCv7R8v6m46R4wS779KSUV1jn9__PpHISNcmLafv6dTAb6F+5
> RBADwBP6coh5LrOJJh0pIByx9dYRbd__if/BSH4VMcvfvFMs/__EO1PAsGLWQPwoNfYO
> 0SzUV1R47JW9NGzeTxja+__byKz9hwGtAT2FIw0NibR+__M1FydPD9k3LTjTnQWgeSro
> ks3AUPDy/hj+E72QDORj+/__Zvy3sw8wDFVRw2LH/__jaDmWbWhZUG4riC3w2egPjcSK
> KIYQ7L/fdeN6S9jt8UcUf1YDHgfLU+__iTgqyssr54RufVuM9iBNOkoWxxI0Q9__oyMF
> NDKiOY8rs2rBu6x09NiHG0BoX1LQzr__rKQFQ4ao48w2RH3ocFCgQbsEHZ18uI__fo4Y
> CB5M63nykETHkkR3ZFkd
> =8T1Y
> -----END PGP SIGNATURE-----
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
> Comment: GPGTools - https://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCgAGBQJUEOV8AAoJEJFMz7__3A1+zrgwAQAJkx74MPOVvbnrG+__dmY8w7ok
> J/6NWt9Rb/__pS9gRrN7iFopni3BoHuLFC6ltwD6Ko__WllYClwoXke4T0FQ/nU6Ar6M
> tsuQMYxP0boxhQua2uF/kZ/__atMolxoNMShNixXd4dnWtBlpl+R+__V58FtfjSGfy49
> qX2Ge6g6wEFATwKReM1KpKCFIfO/__yq/__wM4NLvvBd6WShJXh6TQBE44y9aXLLJ__IlP
> DApoLnMHaopNZITSNKt1t7dgw6ne9O__370nQwOxR5L0peH8bxla0FLJ57vX+__RCC0f
> 3EV/__tQHKiXET1RqWE927tfPf171Xcq7sdj__LRUL2JTVCK3zPZUuVg9WmuqrLUArhW
> f1XRpn1MM2e0xn18rvHfuRZr2IIUuP__E+RfVcQMgEcgtSYuDNlVYCO/__ONyTQHxJ/E
> JRkN6nDOZ1nlItJlrrT0MVgdMKQLG7__IxkvOndGsyOShD/__XvvjQYlQbDvRvodnAlc
> JUIlcC3PbGZh+__CRymXzu6M7DYceE5rJ/HzbR1UAPM/__dep1P6zA3WyTS15tzIJ93f
> pjLYTciDvPbTOfRTV+__1PQvvVDbHZve34wcjGZHaqV35qUQwX__cd/DQK18L8S7EmDx
> BeBmii/__cX2qBSyzDNGgSjtBTh0AT67tpJQPnH__7brsVc9S75+E/MyDqXZjqiJv/9N
> i22XgsD/iTzkP3o0OTjs
> =FKVl
> -----END PGP SIGNATURE-----
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/__mailman/listinfo/freeipa-users
> <https://www.redhat.com/mailman/listinfo/freeipa-users>
> Go To http://freeipa.org for more info on the project
>
>
>
>
More information about the Freeipa-users
mailing list