I’m working on integrating the Enrolment over Secure Transport (EST)
protocol with FreeIPA (4.12.2) to manage certificates in our setup. I’ve
gone through the docs but couldn’t find information on a few specific
areas. I’d love to get some advice or pointers from anyone who’s tackled
something similar:

   1. Storing Generated Certificates in LDAP:
      - How can we set up the EST server to save the certificates it generates
        directly into the LDAP database that FreeIPA uses?
      - Are there particular schemas or attributes we need to add or tweak
        in LDAP for this?

   2. Selecting Sub-CAs (FreeIPA Lightweight CAs):
      - What’s the best way to configure EST to choose Sub-CAs, especially
        FreeIPA’s Lightweight CAs?
      - Any best practices or example setups that make this selection
        smooth within the EST framework?

   3. Choosing Specific Certificate Profiles:
      - How can we set up EST to support selecting different certificate
        profiles based on various use cases or security needs?
      - Is there a method to define and manage these profiles within
        FreeIPA to ensure they work seamlessly with EST requests?

I didn’t find clear answers in the existing FreeIPA and DogTag's EST
documentation, so any examples, config snippets, or resource links would be
awesome.

Also, if there are any known issues or things to watch out for when
integrating EST with FreeIPA for these features, I’d appreciate the
heads-up.

Thanks a lot for your help! Looking forward to your insights.

Cheers,
Nelson