[Freeipa-users] How to get a new cert
Bret Wortman
bret.wortman at damascusgrp.com
Wed Sep 28 13:30:37 UTC 2016
Yeah, I'm still not getting this, and I'm probably missing something
painfully obvious.
I follow the steps here:
1. Log into the server for which I need the cert.
2. # certutil -R -d /etc/pki/nssdb -a -g 2048 -s
"CN=testesk1.internal.net,O=INTERNAL.NET" > ssl.csr
I then copy the contents of the csr file and paste it into the FreeIPA
UI after selecting Actions->New Certificiate from the Host Settings page.
3. I then click Actions->Get Certificate on that same page to extract
the contents and paste it into a new .pem file on the requesting host.
But how do I get at the key that was used in the creation of this cert?
I can get the cacert, and I've got the newly-issued cert, but what about
the key?
Thanks!
Bret
On 09/27/2016 02:00 PM, Bret Wortman wrote:
> That looks like it worked, but I have a follow-on question:
>
> I need to provide my RabbitMQ instance with a cacert file, a cert, and
> a key file. These seem to be .pem files. Is there an easy way to
> gather these 3 files from a typical IPA client node?
>
> Merci!
>
>
> Bret
>
>
> On 09/27/2016 11:28 AM, Florence Blanc-Renaud wrote:
>> Hi Bret,
>>
>> would the following be helpful? In "Linux Domain Identity,
>> Authentication, and Policy Guide", Chapter 17.1.1 Requesting New
>> Certificates for a User, Host, or Service [1]
>>
>> Flo.
>>
>> [1]
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/certificates.html#certificate-request
>>
>> On 09/27/2016 04:20 PM, Bret Wortman wrote:
>>> Is there a guide anywhere for how to obtain an SSL certificate for a
>>> new
>>> server & service from the IPA CA master? Most of the guides I'm seeing
>>> online use web pages at the major CAs to do this and I'd like to
>>> keep it
>>> in the family.
>>>
>>> Thanks!
>>>
>>>
>>> --
>>> *Bret Wortman*
>>> <http://wrapbuddies.co/>
>>> http://wrapbuddies.co/
>>>
>>>
>>
>
More information about the Freeipa-users
mailing list