[Freeipa-users] User certificates with FreeIPA and another question.
Natxo Asenjo
natxo.asenjo at gmail.com
Fri Feb 6 15:38:02 UTC 2015
On Fri, Feb 6, 2015 at 3:30 PM, Martin Kosek <mkosek at redhat.com> wrote:
> On 02/06/2015 12:53 AM, Christopher Young wrote:
> > Obvious next question: Any plans to implement that functionality or
> advice
> > on how one might get some level of functionality for this? Would it be
> > possible to create another command-line based openssl CA that could issue
> > these but using IPA as the root CA for those?
>
> As for FreeIPA plans, we plan to vastly improve our flexibility to process
> certificates in next upstream version - FreeIPA 4.2. In next version, one
> should be able to create other certificate profiles (from FreeIPA default
> service cert profile) or even subCAs to do what you want.
>
>
nice. When do all these things land in RHEL?
> As for current workarounds, you would have to issue and sign a for example
> NSS
> or openssl based subCA and then sign user certs there. But I would leave
> Fraser
> or Jan to tell if this would be really possible.
some examples on how to do that would be very helpful. I would love to
authenticate users to mysql using our CA, for instance.
--
regards,
natxo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150206/cbab78b5/attachment.htm>
More information about the Freeipa-users
mailing list