On Mon, Apr 11, 2016 at 11:43:17AM -0400, Anthony Clark wrote: > Hello All, > > I'm in the process of deploying FreeIPA 4 in a development environment. > One of my testers has imported the ca.pem file into Windows, and indicates > that it displays as: > > Issued to: Certificate Authority > Issued by: Certificate Authority > Friendly Name: <None> > > This will unfortunately cause confusion among certain end users, so I was > wondering if there's a way to change those attributes? > > Ideally without reinstalling everything, but thankfully we're still early > in the process so it's OK if do blow everything away. > > Do I need to generate a new CA outside of FreeIPA and then use > ipa-cacert-manage to "renew" the base CA? > > Thanks, > > Anthony Clark
Hi Anthony, After a brief investigation it appears that ``Friendly Name'' is a property that can be set in a Windows certificate store, and is not part of, or derived from, the certificate itself. Here are a couple of TechNet articles that might help: - https://technet.microsoft.com/en-us/library/cc740218%28v=ws.10%29.aspx - https://blogs.technet.microsoft.com/pki/2008/12/12/defining-the-friendly-name-certificate-property/ Cheers, Fraser -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
