[Freeipa-users] User certificates with FreeIPA and management
Fraser Tweedale
ftweedal at redhat.com
Fri Feb 6 06:09:40 UTC 2015
On Thu, Feb 05, 2015 at 03:12:17PM -0500, Christopher Young wrote:
> Some of this might be rudimentary, so I apologize if this is answered
> somewhere, though I've tried to search and have not had much luck...
>
> Basically, I would like to be able to issue user certificates (Subject:
> email=sblblabla at blabla.local) in order to use client SSL security on some
> things. I'm very new to FreeIPA, but have worked with external CAs in the
> past for similar requests, however this is my first entry into
> creating/running a localized CA within an organization.
>
> I was wondering if this is possible via the command line, and if so, how to
> go about submitting the request and receiving the certificate. Any
> guidance or assistance would be greatly appreciated!
>
Hi Christopher,
I am working on features of Dogtag necessary for this and it will be
integrated in a future release of FreeIPA. For now, you could use
the Dogtag CA directly to issue user certificates.
>
> Additionally, just as a matter of cleanliness, is there any way possible to
> just completely wipe out the existence of a certificate/request from
> FreeIPA. I have done some trial-and-error and obviously have made mistakes
> that I'd prefer to clean up after. I've revoked those certs, however the
> perfectionist in me hates seeing them there. I'm quite certain the answer
> is 'no', but I thought I would ask anyway.
>
The answer is "no". Dogtag remembers all the certificates it
issues.
Regards,
Fraser
> Thanks for any assistance,
>
> Chris
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list