[Freeipa-users] Using our IPA CA as a trusted CA to sign ssl certificates
bret.wortman at damascusgrp.com
bret.wortman at damascusgrp.com
Thu Jun 2 21:35:01 UTC 2016
Sorry, let me back up a step. We need to implement hype everywhere. All our web services. And clients need to get keys&certs automatically whether through IPA or Puppet. These systems use IPA for everything but authentication (to keep most users off). I'm trying to wuss out the easiest way to make this happen smoothly.
Bret Wortman
http://wrapbuddies.co/
On Jun 2, 2016, 5:31 PM -0400, Rob Crittenden<rcritten at redhat.com>, wrote:
> Bret Wortman wrote:
> > Is it possible to use our freeipa CA as a trusted CA to sign our
> > internal SSL certificates? Our system runs on a private network and so
> > using the usual trusted sources isn't an option. We've been using
> > self-signed, but that adds some additional complications and we thought
> > this might be a good solution.
> >
> > Is it possible, and, since most online guides defer to "submit the CSR
> > to Verisign" or whomever, how would you go about producing one in this way?
>
> Not sure I understand the question. The IPA CA is also self-signed. For
> enrolled systems though at least the CA is pre-distributed so maybe that
> will help.
>
> rob
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160602/df73d559/attachment.htm>
More information about the Freeipa-users
mailing list