[Freeipa-users] User certificates with FreeIPA and another question.
Rob Crittenden
rcritten at redhat.com
Thu Feb 5 21:09:17 UTC 2015
Christopher Young wrote:
> Some of this might be rudimentary, so I apologize if this is answered
> somewhere, though I've tried to search and have not had much luck...
>
> Basically, I would like to be able to issue user certificates (Subject:
> email=sblblabla at blabla.local) in order to use client SSL security on
> some things. I'm very new to FreeIPA, but have worked with external CAs
> in the past for similar requests, however this is my first entry into
> creating/running a localized CA within an organization.
IPA doesn't issue user certificates yet, only server certificates.
> I was wondering if this is possible via the command line, and if so, how
> to go about submitting the request and receiving the certificate. Any
> guidance or assistance would be greatly appreciated!
>
>
> Additionally, just as a matter of cleanliness, is there any way possible
> to just completely wipe out the existence of a certificate/request from
> FreeIPA. I have done some trial-and-error and obviously have made
> mistakes that I'd prefer to clean up after. I've revoked those certs,
> however the perfectionist in me hates seeing them there. I'm quite
> certain the answer is 'no', but I thought I would ask anyway.
Right, the answer is no. In fact it is a good thing that all
certificates are accounted for.
rob
More information about the Freeipa-users
mailing list