<div dir="ltr">Hi Dmitri,<div><br></div><div>I am interested in the renewal process, how would that happen for clients, and when would it happen?</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 11 September 2014 03:01, Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 09/10/2014 07:57 PM, William Graboyes wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br></span><span class="">
Hi Dmitri,<br>
<br>
Production Environment is going to be RH 6.5,  We are still evaluating<br>
the usage of systemd. More like we are taking a wait and see approach<br>
to to systemd, while actively testing it.<br>
</span></blockquote>
The command line options for chaining are there from day one.<br>
So you would need to chain your production environment when you deploy it.<br>
In future when you migrate to later versions (in couple of years or so) you will be able to change the chaining using the new tools. Right now it is a vary hard multi step manual procedure. This is why we developed the tool.<br>
But you should be all set for now. You would not need to change anything for several years.<br>
<br>
Thanks<span class="HOEnZb"><font color="#888888"><br>
Dmitri</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thanks,<br>
Bill<br>
<br>
On Wed Sep 10 16:49:24 2014, Dmitri Pal wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 09/10/2014 07:26 PM, William Graboyes wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br>
Hi Chris,<br>
<br>
Thank you for the suggestion. Looking at<br>
<a href="http://www.redhat.com/archives/freeipa-users/2014-August/msg00334.html" target="_blank">http://www.redhat.com/<u></u>archives/freeipa-users/2014-<u></u>August/msg00334.html</a><br>
<br>
Installing a new, third party cert requires a reinstall of IPA?  IPA<br>
Devs, that is a bit silly don't you think?  A year or two in the cert<br>
expires, now you have to start from scratch?  I will wait for some form<br>
of response before I attempt at eating crow in front of management.<br>
<br>
I forgot to mention, free-ipa version ipa-server-3.0.0-37.el6.x86_<u></u>64.<br>
</blockquote>
Since 3.0 internal certs are issued for 2 years and are renewed<br>
automatically. The root cert is valid for more than two years (AFAIR<br>
it is 20).<br>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<br>
On Wed Sep 10 15:55:56 2014, Chris Whittle wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Search the list for a post by me and certs...  Basically there is a<br>
install<br>
flag that will do all the work for you once you have it the cert in the<br>
right format.<br>
On Sep 10, 2014 5:53 PM, "William Graboyes" <<a href="mailto:wgraboyes@cenic.org" target="_blank">wgraboyes@cenic.org</a>><br>
wrote:<br>
<br>
********* *BEGIN ENCRYPTED or SIGNED PART* *********<br>
<br>
Hello list,<br>
<br>
I have been fruitlessly searching for some information, especially<br>
related to Certs, namely how to replace the self signed certs with<br>
certs from a trusted CA?  As we are moving forward into<br>
productionizing of our free-ipa install, I am finding information on<br>
the net to be a bit lacking.  There is also the possibility that I am<br>
not looking in the right places, or using the correct search terms.<br>
Any help on this front would be greatly appreciated.<br>
<br>
Thanks,<br>
Bill<br>
<br>
<br>
********** *END ENCRYPTED or SIGNED PART* **********<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/<u></u>mailman/listinfo/freeipa-users</a><br>
Go To <a href="http://freeipa.org" target="_blank">http://freeipa.org</a> for more info on the project<br>
<br>
</blockquote>
<br>
</blockquote>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)<br>
Comment: GPGTools - <a href="https://gpgtools.org" target="_blank">https://gpgtools.org</a><br>
Comment: Using GnuPG with Thunderbird - <a href="http://www.enigmail.net/" target="_blank">http://www.enigmail.net/</a><br>
<br>
iQIcBAEBCgAGBQJUEN4JAAoJEJFMz7<u></u>3A1+zrjNAP/<u></u>1aZOjhp6c6JwWXUjBE4Pt4i<br>
u6Z1BRFNYgIc5/<u></u>aNsPAKrdzMqQgTjgWJvSh5UCON0Vdm<u></u>uIx7pQLP7nIlaCCXTRRK<br>
pKx2Cez5Ho7Lwlsb87WW3bzjcyKGX5<u></u>Wd3+<u></u>VJdQ6ugYJTpVS4gMxh8atZCV613EY6<br>
FuMk1RS6qlWM2Ut3SjmaAZK3jTw2pU<u></u>sJzW3zzB271i6sJqAMZTh7Lrie6QcG<u></u>qAON<br>
eLGlWBZuCaeULUuQmArVZiP3qPnH5N<u></u>uccvXLFVbX7D1+<u></u>SM8XeLWrTklN1bfX2HF0<br>
QCFlizb+bBga/<u></u>d5cEaCv7R8v6m46R4wS779KSUV1jn9<u></u>PpHISNcmLafv6dTAb6F+5<br>
RBADwBP6coh5LrOJJh0pIByx9dYRbd<u></u>if/BSH4VMcvfvFMs/<u></u>EO1PAsGLWQPwoNfYO<br>
0SzUV1R47JW9NGzeTxja+<u></u>byKz9hwGtAT2FIw0NibR+<u></u>M1FydPD9k3LTjTnQWgeSro<br>
ks3AUPDy/hj+E72QDORj+/<u></u>Zvy3sw8wDFVRw2LH/<u></u>jaDmWbWhZUG4riC3w2egPjcSK<br>
KIYQ7L/fdeN6S9jt8UcUf1YDHgfLU+<u></u>iTgqyssr54RufVuM9iBNOkoWxxI0Q9<u></u>oyMF<br>
NDKiOY8rs2rBu6x09NiHG0BoX1LQzr<u></u>rKQFQ4ao48w2RH3ocFCgQbsEHZ18uI<u></u>fo4Y<br>
CB5M63nykETHkkR3ZFkd<br>
=8T1Y<br>
-----END PGP SIGNATURE-----<br>
<br>
</blockquote>
<br>
</blockquote>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)<br>
Comment: GPGTools - <a href="https://gpgtools.org" target="_blank">https://gpgtools.org</a><br>
Comment: Using GnuPG with Thunderbird - <a href="http://www.enigmail.net/" target="_blank">http://www.enigmail.net/</a><br>
<br>
iQIcBAEBCgAGBQJUEOV8AAoJEJFMz7<u></u>3A1+zrgwAQAJkx74MPOVvbnrG+<u></u>dmY8w7ok<br>
J/6NWt9Rb/<u></u>pS9gRrN7iFopni3BoHuLFC6ltwD6Ko<u></u>WllYClwoXke4T0FQ/nU6Ar6M<br>
tsuQMYxP0boxhQua2uF/kZ/<u></u>atMolxoNMShNixXd4dnWtBlpl+R+<u></u>V58FtfjSGfy49<br>
qX2Ge6g6wEFATwKReM1KpKCFIfO/<u></u>yq/<u></u>wM4NLvvBd6WShJXh6TQBE44y9aXLLJ<u></u>IlP<br>
DApoLnMHaopNZITSNKt1t7dgw6ne9O<u></u>370nQwOxR5L0peH8bxla0FLJ57vX+<u></u>RCC0f<br>
3EV/<u></u>tQHKiXET1RqWE927tfPf171Xcq7sdj<u></u>LRUL2JTVCK3zPZUuVg9WmuqrLUArhW<br>
f1XRpn1MM2e0xn18rvHfuRZr2IIUuP<u></u>E+RfVcQMgEcgtSYuDNlVYCO/<u></u>ONyTQHxJ/E<br>
JRkN6nDOZ1nlItJlrrT0MVgdMKQLG7<u></u>IxkvOndGsyOShD/<u></u>XvvjQYlQbDvRvodnAlc<br>
JUIlcC3PbGZh+<u></u>CRymXzu6M7DYceE5rJ/HzbR1UAPM/<u></u>dep1P6zA3WyTS15tzIJ93f<br>
pjLYTciDvPbTOfRTV+<u></u>1PQvvVDbHZve34wcjGZHaqV35qUQwX<u></u>cd/DQK18L8S7EmDx<br>
BeBmii/<u></u>cX2qBSyzDNGgSjtBTh0AT67tpJQPnH<u></u>7brsVc9S75+E/MyDqXZjqiJv/9N<br>
i22XgsD/iTzkP3o0OTjs<br>
=FKVl<br>
-----END PGP SIGNATURE-----<br>
<br>
</blockquote>
<br>
<br>
-- <br></div></div><span class="im HOEnZb">
Thank you,<br>
Dmitri Pal<br>
<br>
Sr. Engineering Manager IdM portfolio<br>
Red Hat, Inc.<br>
<br></span><div class="HOEnZb"><div class="h5">
-- <br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/<u></u>mailman/listinfo/freeipa-users</a><br>
Go To <a href="http://freeipa.org" target="_blank">http://freeipa.org</a> for more info on the project<br>
</div></div></blockquote></div><br></div>