[Freeipa-users] Requesting a cert for a user as opposed to a service.
Martin Kosek
mkosek at redhat.com
Wed Mar 25 13:10:31 UTC 2015
On 03/25/2015 02:03 PM, Rob Crittenden wrote:
> Steve (st33v) Neuharth wrote:
>> Hello,
>>
>> I hope this is an easy question to answer and forgive me if it has been answered before. I’ve read through the documentation on how to request an ssl cert and I cannot seem to find a process to request a client cert for a user.
>>
>> It seems that all certificates are linked to a kerberos service principal. If I’m creating a cert for a user entity, for a VPN client for example, how to I link the cert to an actual user account?
>>
>> thanks for your help,
>> —steve
>>
>
> IPA doesn't currently support certificates for users. Policies for
> service certificates are easy. Policies for user certificates are often
> more complex.
>
> It is being worked on.
Yup, it should be a FreeIPA 4.2 feature. Please feel free to track
https://fedorahosted.org/freeipa/ticket/4938
Would you be interested to eventually trying some Alpha/Beta version of this
functionality, to warn us about any potential problems of this feature in this
setup? (We are not there yet, just looking if there is an interest)
More information about the Freeipa-users
mailing list