[Freeipa-users] User certificates with FreeIPA and another question.
Dmitri Pal
dpal at redhat.com
Sat Feb 7 14:59:05 UTC 2015
On 02/06/2015 10:38 AM, Natxo Asenjo wrote:
> On Fri, Feb 6, 2015 at 3:30 PM, Martin Kosek <mkosek at redhat.com
> <mailto:mkosek at redhat.com>> wrote:
>
> On 02/06/2015 12:53 AM, Christopher Young wrote:
> > Obvious next question: Any plans to implement that
> functionality or advice
> > on how one might get some level of functionality for this?
> Would it be
> > possible to create another command-line based openssl CA that
> could issue
> > these but using IPA as the root CA for those?
>
> As for FreeIPA plans, we plan to vastly improve our flexibility to
> process
> certificates in next upstream version - FreeIPA 4.2. In next
> version, one
> should be able to create other certificate profiles (from FreeIPA
> default
> service cert profile) or even subCAs to do what you want.
>
>
> nice. When do all these things land in RHEL?
It we manage to land 4.2 in RHEL 7.2 then it will be there.
Time will show how successful we will be with this plan so no promises
so far.
> As for current workarounds, you would have to issue and sign a for
> example NSS
> or openssl based subCA and then sign user certs there. But I would
> leave Fraser
> or Jan to tell if this would be really possible.
>
>
> some examples on how to do that would be very helpful. I would love to
> authenticate users to mysql using our CA, for instance.
>
> --
> regards,
> natxo
>
>
>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150207/55312664/attachment.htm>
More information about the Freeipa-users
mailing list