[Freeipa-users] Announcing FreeIPA 4.4.2
Martin Kosek
mkosek at redhat.com
Fri Oct 14 07:58:11 UTC 2016
On 10/13/2016 09:17 PM, Petr Vobornik wrote:
> The FreeIPA team would like to announce FreeIPA 4.4.2 release!
>
> It can be downloaded from http://www.freeipa.org/page/Downloads. Builds
> for Fedora 24 will be available in the official COPR repository
> <https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-4/>.
>
> This announcement is also available on
> http://www.freeipa.org/page/Releases/4.4.2
>
> Fedora 25 update:
> https://bodhi.fedoraproject.org/updates/freeipa-4.4.2-1.fc25
Please note that the FreeIPA Public demo was also upgraded to the version
4.4.2, if you want to try it out!
Demo location: https://ipa.demo1.freeipa.org/ipa/ui/
The selected new features that may be best exhibited in the FreeIPA Web UI:
* Improved Topology Management:
- IPA Server -> Topology -> Graph
- https://ipa.demo1.freeipa.org/ipa/ui/#/p/topology-graph
* Added Overview of IPA server roles:
- IPA Server -> Topology -> Server Roles
- https://ipa.demo1.freeipa.org/ipa/ui/#/e/server_role/search
- You can click on a role
- You can also see roles of a server:
- https://ipa.demo1.freeipa.org/ipa/ui/#/e/server/details/ipa.demo1.freeipa.org
* Added DNS Location Mechanism:
- IPA Server -> Topology -> IPA Locations
- You can add a location
- In the location details, you can add the servers to it (you can only test
UI as changing a location of IPA server requires DNS server restart)
* Added support for Sub-CAs
- Open Authentication -> Certificate Authorities
- Add new CA Authority, with subject like "CN=Certificate
Authority,O=VPN,O=DEMO1.FREEIPA.ORG"
- Set ACL for authority in "CA ACLs" so that Admin can use this CA
- Generate new certificate:
- Open for example a test Service
- Click Options -> New Certificate
- Follow the steps (and use the new Sub-CA). I typed these options to get
the CSR:
- cd /tmp/
- mkdir test
- cd test/
- certutil -N -d .
- certutil -R -d . -a -g 2048 -s
'CN=ipa.demo1.freeipa.org,O=VPN,O=DEMO1.FREEIPA.ORG' -8 'ipa.demo1.freeipa.org'
- Paste the CSR blob to FreeIPA, it should pass
- It will show that Issuer is "CN = Certificate Authority,O = VPN,O =
DEMO1.FREEIPA.ORG", i.e. our new Sub-CA
Enjoy!
Martin
More information about the Freeipa-users
mailing list