[Freeipa-users] User certificates with FreeIPA and another question.

Christopher Young mexigabacho at gmail.com
Thu Feb 5 23:53:14 UTC 2015


Obvious next question:  Any plans to implement that functionality or advice
on how one might get some level of functionality for this?  Would it be
possible to create another command-line based openssl CA that could issue
these but using IPA as the root CA for those?

I'm just trying to provide a solution for situations where we would like to
utilize client/user cert authentication for situations like secure Apache
directory access as well as user VPN certificates.  Any advice or ideas are
greatly appreciated.

Thanks again!

On Thu, Feb 5, 2015 at 4:09 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Christopher Young wrote:
> > Some of this might be rudimentary, so I apologize if this is answered
> > somewhere, though I've tried to search and have not had much luck...
> >
> > Basically,  I would like to be able to issue user certificates (Subject:
> > email=sblblabla at blabla.local) in order to use client SSL security on
> > some things.  I'm very new to FreeIPA, but have worked with external CAs
> > in the past for similar requests, however this is my first entry into
> > creating/running a localized CA within an organization.
>
> IPA doesn't issue user certificates yet, only server certificates.
>
> > I was wondering if this is possible via the command line, and if so, how
> > to go about submitting the request and receiving the certificate.  Any
> > guidance or assistance would be greatly appreciated!
> >
> >
> > Additionally, just as a matter of cleanliness, is there any way possible
> > to just completely wipe out the existence of a certificate/request from
> > FreeIPA.  I have done some trial-and-error and obviously have made
> > mistakes that I'd prefer to clean up after.  I've revoked those certs,
> > however the perfectionist in me hates seeing them there.  I'm quite
> > certain the answer is 'no', but I thought I would ask anyway.
>
> Right, the answer is no. In fact it is a good thing that all
> certificates are accounted for.
>
> rob
>
>