On Thu, Feb 05, 2015 at 03:12:17PM -0500, Christopher Young wrote: > Some of this might be rudimentary, so I apologize if this is answered > somewhere, though I've tried to search and have not had much luck... > > Basically, I would like to be able to issue user certificates (Subject: > [email protected]) in order to use client SSL security on some > things. I'm very new to FreeIPA, but have worked with external CAs in the > past for similar requests, however this is my first entry into > creating/running a localized CA within an organization. > > I was wondering if this is possible via the command line, and if so, how to > go about submitting the request and receiving the certificate. Any > guidance or assistance would be greatly appreciated! > Hi Christopher,
I am working on features of Dogtag necessary for this and it will be integrated in a future release of FreeIPA. For now, you could use the Dogtag CA directly to issue user certificates. > > Additionally, just as a matter of cleanliness, is there any way possible to > just completely wipe out the existence of a certificate/request from > FreeIPA. I have done some trial-and-error and obviously have made mistakes > that I'd prefer to clean up after. I've revoked those certs, however the > perfectionist in me hates seeing them there. I'm quite certain the answer > is 'no', but I thought I would ask anyway. > The answer is "no". Dogtag remembers all the certificates it issues. Regards, Fraser > Thanks for any assistance, > > Chris > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
