<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 03/27/2015 04:52 PM, Steve Neuharth
wrote:<br>
</div>
<blockquote
cite="mid:CAJ8pdwu35q_Uj=2e12STP20v=8wJn=Ucpy6c+JnFG72qHiEhUg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>Hello, <br>
<br>
</div>
Is it possible or perhaps not recommended to use the dogtag
API and/or UI on a FreeIPA system without using the freeIPA
CLI or UI? I have a requirement to submit a certificate to a
service without kerberos and without client software
installed using a RESTful API. Dogtag API is very well
documented and I do not want to associate all my
certificates with a Kerberos principal because it adds
complexity to the cert signing process. I just need to sign
a cert without the FreeIPA overhead.<br>
<br>
</div>
I tried to get to the Dogtag web UI through the url <a
moz-do-not-send="true"
href="http://ipa.example.com/ca/ee/ca">http://ipa.example.com/ca/ee/ca</a>
but I get an unauthenticated web page (no password prompt) and
broken image links. This tells me that perhaps the Dogtag UI
in a FreeIPA installation is not meant to be used without
FreeIPA. Is that correct?<br>
<br>
</div>
<div>I know this is a weird use case and not necessarily a
FreeIPA problem but if someone could advise, I'd greatly
appreciate it.<br>
</div>
</div>
</blockquote>
<br>
For now you should use Dogtag by itself for this use case without
IPA.<br>
We are working on making it easier for this use case to be possible
via IPA but it is not there yet.<br>
<br>
<blockquote
cite="mid:CAJ8pdwu35q_Uj=2e12STP20v=8wJn=Ucpy6c+JnFG72qHiEhUg@mail.gmail.com"
type="cite">
<div dir="ltr">--steve<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>