OK I must have missed that and I think I have the root cert now. I ran ipa-cacert-manage -n Digicert_Root -t C,, install DigiCert_Global_Root_CA.crt The message I got back said that this cert was installed successfully.
So now I tried adding the others using the same command as above (with a different nickname and file for each) and that failed. I tried adding them with ipa-server-certinstall but that didn't seem to work either. I ran: ipa-server-certinstall -w -d odin_chem_byu_edu.key odin_chem_byu_edu.crt DigiCertCA.crt DigiCert_Global_Root_CA.crt entered the Directory Manager password then it prompts for the private key password (there isn't one) on this. That didn't work saying I still don't have the entire chain.
I contacted Digicert about this and they pointed me to an intermediate certificate I could download, but it isn't in the same format so I'm not sure what to do with it as I cannot check the subject/issuer info on it with the openssl command like the others. I attempted to just add it to the command above, but it still said I didn't have the entire chain.
On Wed, Oct 16, 2019 at 1:50 PM Rob Crittenden rcritten@redhat.com wrote:
Kristian Petersen wrote:
https://drive.google.com/file/d/1Ygi85YAGh-DKfOXPz0mi9zIEbFwrSKnh/view?usp=s...
https://drive.google.com/file/d/1nuOGG4zrhq9mAZaLMqFBHgxx3d22XKW_/view?usp=s...
Try using these links to my Google Drive. Sending them to rcritten@redhat.com mailto:rcritten@redhat.com failed.
I don't have access to the first one. The second one containing DigiCertCA.crt is not a root:
Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert H igh Assurance EV Root CA Subject: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
rob
On Wed, Oct 16, 2019 at 1:02 PM Rob Crittenden <rcritten@redhat.com mailto:rcritten@redhat.com> wrote:
Kristian Petersen wrote: > I tried attaching the files to my reply but that was rejected. So what > is the best way to share them with you? You can send them directly to me if you'd like. rob > > On Tue, Oct 15, 2019 at 3:32 PM Rob Crittenden <rcritten@redhat.com <mailto:rcritten@redhat.com> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> wrote: > > Kristian Petersen via FreeIPA-users wrote: > > They aren't in one file. But the server cert's issuer is the > subject of > > the DigiCert.crt file. I have already tried adding just the > > Digicert.crt file only to have it tell me it's Peer's Certificate > isn't > > trusted. I don't even know what certificate that is talking about. > > Can you share the files? > > rob > > > > > On Tue, Oct 15, 2019 at 7:27 AM Rob Crittenden > <rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>>> wrote: > > > > Kristian Petersen wrote: > > > Rob, > > > > > > After investigating the certs as you had suggested, I
do
> have the > > whole > > > chain. The server cert has as its issuer: > > > Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com <http://www.digicert.com> > <http://www.digicert.com> > > <http://www.digicert.com> > > > <http://www.digicert.com>, CN = DigiCert SHA2 High Assurance > Server CA > > > > > > And the DigiCert.crt file has as its issuer and
subject:
> > > Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com <http://www.digicert.com> > <http://www.digicert.com> > > <http://www.digicert.com> > > > <http://www.digicert.com>, CN = DigiCert SHA2 High Assurance > Server CA > > > Subject: C = US, O = DigiCert Inc, OU = www.digicert.com <http://www.digicert.com> > <http://www.digicert.com> > > <http://www.digicert.com> > > > <http://www.digicert.com>, CN = DigiCert SHA2 High Assurance > Server CA > > > > > > Am I missing something here? > > > > So you have the whole chain in one file? Try adding them > individually, > > starting at the root. > > > > rob > > > > > > > > On Fri, Oct 11, 2019 at 12:50 PM Rob Crittenden > > <rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> > > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>>>> wrote: > > > > > > Kristian Petersen wrote: > > > > New but related question: Iff I just want to add new LDAP > > and HTTPS > > > > certs (not replacing the current ones) I know that can be > > done. I > > > read > > > > an article from Florence Blanc-Renaud that
mentions
> it, but > > I ran into > > > > some errors and I'm trying to troubleshoot them. When > I ran > > > > ipa-server-certinstall and gave it the key I generated and > > the crt > > > file > > > > I got from Digicert it said the entire chain was
not
> > present. So > > > then I > > > > tried including the DigiCertCA.crt file as well, > however, I got > > > the same > > > > result. > > > > > > > > I next tried adding the DigiCert certificate to
IPA
> > > > usingipa-cacert-manage -p DM_PASSWORD -n
NICKNAME -t
> C,, install > > > > DigiCertCA.crt > > > > This also failed giving an error that the cert was invalid > > because the > > > > Peer's Certificate issuer was not recognized.
Any
> thoughts > > about > > > what I > > > > might have missed? > > > > > > You don't have the full chain. It can be tricky to find the > > whole list > > > even on CA's that make it relatively easy. > > > > > > What you want to do is use a tool like openssl
x509 to
> display the > > > subject and issuer: > > > > > > openssl x509 -text -noout -in /path/to/cert > > > > > > I'd start with the server cert you've been issued. Find a > > matching CA > > > cert where the subject of the CA cert matches the issuer > on the > > > server cert. > > > > > > Then find another CA cert whose subject matches the > issuer of > > the bottom > > > of the chain, and work upwards until you find a CA cert > where > > the issuer > > > and subject match. Then you've found the root. That plus > the other > > > matching CA certs is your chain. > > > > > > I'll also note about the "add but not replace" the LDAP and > > Web certs. > > > There can only be one active. You can certainly use > different > > physical > > > files and nicknames to store the new certs but only one > set is > > active at > > > a time. > > > > > > rob > > > > > > > > > > > > > > > On Fri, Oct 11, 2019 at 11:20 AM Rob Crittenden > > > <rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>>> > > > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>>>>> wrote: > > > > > > > > Kristian Petersen via FreeIPA-users wrote: > > > > > That outlines the options, but not why I should or > > shouldn't use > > > > any of > > > > > them. That is more of what I am looking
for.
> > > > > > > > It's less benefit analysis and more forced by internal > > > requirements. > > > > > > > > Often an organization already has a CA and wants any > > > additional CA's to > > > > be subordinates. > > > > > > > > The downsides of an external CA is some additional > > complexity. > > > > > > > > Installation can be more difficult (users
often
> have issues > > > getting > > > > their external CA to properly sign the IPA
CSR),
> dealing > > with > > > a longer > > > > certificate chain and being bound by the > expiration date > > of the > > > > external CA. > > > > > > > > rob > > > > > > > > > > > > > > On Fri, Oct 11, 2019 at 9:47 AM François
Cami
> > > <fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>> > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>>> > > > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>> > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>>>> > > > > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> <mailto:fcami@redhat.com <mailto:fcami@redhat.com> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>> > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>>> > > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>> > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>>>>>> wrote: > > > > > > > > > > Hi, > > > > > > > > > > On Fri, Oct 11, 2019 at 5:34 PM
Kristian
> Petersen via > > > > FreeIPA-users > > > > > <freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>>> > > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>>>>> wrote: > > > > > > > > > > > > Hey y'all, > > > > > > > > > > > > What are the pros and cons of using
and
> external or > > > internal CA > > > > > for FreeIPA/IdM? I am trying to decide which to > > do but > > > having > > > > > trouble finding a lot of info about why I would > > want to > > > do one or > > > > > the other. > > > > > > > > > > The choices are documented there: > > > > > > > > > > > > > > >
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
> > > > > > > > > > François > > > > > > > > > > > Thanks in advance! > > > > > > > > > > > > -- > > > > > > Kristian Petersen > > > > > > System Administrator > > > > > > BYU Dept. of Chemistry and
Biochemistry
> > > > > > > _______________________________________________ > > > > > > FreeIPA-users mailing list -- > > > > freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>>> > > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>>>> > > > > > > To unsubscribe send an email to > > > > > freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>>> > > > > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>>>> > > > > > > Fedora Code of Conduct: > > > > > > > > >
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > > > > > List Guidelines: > > > > > > https://fedoraproject.org/wiki/Mailing_list_guidelines > > > > > > List Archives: > > > > > > > > > > > > > > >
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
> > > > > > > > > > > > > > > > > > > > -- > > > > > Kristian Petersen > > > > > System Administrator > > > > > BYU Dept. of Chemistry and Biochemistry > > > > > > > > > > > > > > > _______________________________________________ > > > > > FreeIPA-users mailing list -- > > > freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>>> > > > > > To unsubscribe send an email to > > > > freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>>> > > > > > Fedora Code of Conduct: > > > > > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > > > List Guidelines: > > > > https://fedoraproject.org/wiki/Mailing_list_guidelines > > > > > List Archives: > > > > > > > > > >
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
> > > > > > > > > > > > > > > > > > > > > -- > > > > Kristian Petersen > > > > System Administrator > > > > BYU Dept. of Chemistry and Biochemistry > > > > > > > > > > > > -- > > > Kristian Petersen > > > System Administrator > > > BYU Dept. of Chemistry and Biochemistry > > > > > > > > -- > > Kristian Petersen > > System Administrator > > BYU Dept. of Chemistry and Biochemistry > > > > > > _______________________________________________ > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > To unsubscribe send an email to > freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: >
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
> > > > > > -- > Kristian Petersen > System Administrator > BYU Dept. of Chemistry and Biochemistry
-- Kristian Petersen System Administrator BYU Dept. of Chemistry and Biochemistry
Kristian Petersen wrote:
OK I must have missed that and I think I have the root cert now. I ran ipa-cacert-manage -n Digicert_Root -t C,, install DigiCert_Global_Root_CA.crt The message I got back said that this cert was installed successfully.
So now I tried adding the others using the same command as above (with a different nickname and file for each) and that failed. I tried adding them with ipa-server-certinstall but that didn't seem to work either. I ran: ipa-server-certinstall -w -d odin_chem_byu_edu.key odin_chem_byu_edu.crt DigiCertCA.crt DigiCert_Global_Root_CA.crt entered the Directory Manager password then it prompts for the private key password (there isn't one) on this. That didn't work saying I still don't have the entire chain.
You can try adding --pin '' but I'd also look at the keyfile itself to ensure it isn't encrypted.
I know this is annoying but IPA is protecting you. We could just drop the files into place and then your services wouldn't start at all. You'd be in the same place but without working services.
I contacted Digicert about this and they pointed me to an intermediate certificate I could download, but it isn't in the same format so I'm not sure what to do with it as I cannot check the subject/issuer info on it with the openssl command like the others. I attempted to just add it to the command above, but it still said I didn't have the entire chain.
What format is it in?
rob
On Wed, Oct 16, 2019 at 1:50 PM Rob Crittenden <rcritten@redhat.com mailto:rcritten@redhat.com> wrote:
Kristian Petersen wrote: > https://drive.google.com/file/d/1Ygi85YAGh-DKfOXPz0mi9zIEbFwrSKnh/view?usp=sharing > https://drive.google.com/file/d/1nuOGG4zrhq9mAZaLMqFBHgxx3d22XKW_/view?usp=sharing > > Try using these links to my Google Drive. Sending them to > rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> failed. I don't have access to the first one. The second one containing DigiCertCA.crt is not a root: Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com <http://www.digicert.com>, CN = DigiCert H igh Assurance EV Root CA Subject: C = US, O = DigiCert Inc, OU = www.digicert.com <http://www.digicert.com>, CN = DigiCert SHA2 High Assurance Server CA rob > > On Wed, Oct 16, 2019 at 1:02 PM Rob Crittenden <rcritten@redhat.com <mailto:rcritten@redhat.com> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> wrote: > > Kristian Petersen wrote: > > I tried attaching the files to my reply but that was rejected. So > what > > is the best way to share them with you? > > You can send them directly to me if you'd like. > > rob > > > > > On Tue, Oct 15, 2019 at 3:32 PM Rob Crittenden > <rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>>> wrote: > > > > Kristian Petersen via FreeIPA-users wrote: > > > They aren't in one file. But the server cert's issuer is the > > subject of > > > the DigiCert.crt file. I have already tried adding just the > > > Digicert.crt file only to have it tell me it's Peer's > Certificate > > isn't > > > trusted. I don't even know what certificate that is talking > about. > > > > Can you share the files? > > > > rob > > > > > > > > On Tue, Oct 15, 2019 at 7:27 AM Rob Crittenden > > <rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> > > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>>>> wrote: > > > > > > Kristian Petersen wrote: > > > > Rob, > > > > > > > > After investigating the certs as you had suggested, I do > > have the > > > whole > > > > chain. The server cert has as its issuer: > > > > Issuer: C = US, O = DigiCert Inc, OU = > www.digicert.com <http://www.digicert.com> <http://www.digicert.com> > > <http://www.digicert.com> > > > <http://www.digicert.com> > > > > <http://www.digicert.com>, CN = DigiCert SHA2 High > Assurance > > Server CA > > > > > > > > And the DigiCert.crt file has as its issuer and subject: > > > > Issuer: C = US, O = DigiCert Inc, OU = > www.digicert.com <http://www.digicert.com> <http://www.digicert.com> > > <http://www.digicert.com> > > > <http://www.digicert.com> > > > > <http://www.digicert.com>, CN = DigiCert SHA2 High > Assurance > > Server CA > > > > Subject: C = US, O = DigiCert Inc, OU = > www.digicert.com <http://www.digicert.com> <http://www.digicert.com> > > <http://www.digicert.com> > > > <http://www.digicert.com> > > > > <http://www.digicert.com>, CN = DigiCert SHA2 High > Assurance > > Server CA > > > > > > > > Am I missing something here? > > > > > > So you have the whole chain in one file? Try adding them > > individually, > > > starting at the root. > > > > > > rob > > > > > > > > > > > On Fri, Oct 11, 2019 at 12:50 PM Rob Crittenden > > > <rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>>> > > > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>>>>> wrote: > > > > > > > > Kristian Petersen wrote: > > > > > New but related question: Iff I just want to > add new LDAP > > > and HTTPS > > > > > certs (not replacing the current ones) I know > that can be > > > done. I > > > > read > > > > > an article from Florence Blanc-Renaud that mentions > > it, but > > > I ran into > > > > > some errors and I'm trying to troubleshoot them. > When > > I ran > > > > > ipa-server-certinstall and gave it the key I > generated and > > > the crt > > > > file > > > > > I got from Digicert it said the entire chain was not > > > present. So > > > > then I > > > > > tried including the DigiCertCA.crt file as well, > > however, I got > > > > the same > > > > > result. > > > > > > > > > > I next tried adding the DigiCert certificate to IPA > > > > > usingipa-cacert-manage -p DM_PASSWORD -n NICKNAME -t > > C,, install > > > > > DigiCertCA.crt > > > > > This also failed giving an error that the cert > was invalid > > > because the > > > > > Peer's Certificate issuer was not recognized. Any > > thoughts > > > about > > > > what I > > > > > might have missed? > > > > > > > > You don't have the full chain. It can be tricky to > find the > > > whole list > > > > even on CA's that make it relatively easy. > > > > > > > > What you want to do is use a tool like openssl x509 to > > display the > > > > subject and issuer: > > > > > > > > openssl x509 -text -noout -in /path/to/cert > > > > > > > > I'd start with the server cert you've been issued. > Find a > > > matching CA > > > > cert where the subject of the CA cert matches the > issuer > > on the > > > > server cert. > > > > > > > > Then find another CA cert whose subject matches the > > issuer of > > > the bottom > > > > of the chain, and work upwards until you find a CA > cert > > where > > > the issuer > > > > and subject match. Then you've found the root. > That plus > > the other > > > > matching CA certs is your chain. > > > > > > > > I'll also note about the "add but not replace" the > LDAP and > > > Web certs. > > > > There can only be one active. You can certainly use > > different > > > physical > > > > files and nicknames to store the new certs but > only one > > set is > > > active at > > > > a time. > > > > > > > > rob > > > > > > > > > > > > > > > > > > > On Fri, Oct 11, 2019 at 11:20 AM Rob Crittenden > > > > <rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>>> > > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>>>> > > > > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>>> > > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> > > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>> > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>>>>>> wrote: > > > > > > > > > > Kristian Petersen via FreeIPA-users wrote: > > > > > > That outlines the options, but not why I > should or > > > shouldn't use > > > > > any of > > > > > > them. That is more of what I am looking for. > > > > > > > > > > It's less benefit analysis and more forced > by internal > > > > requirements. > > > > > > > > > > Often an organization already has a CA and > wants any > > > > additional CA's to > > > > > be subordinates. > > > > > > > > > > The downsides of an external CA is some > additional > > > complexity. > > > > > > > > > > Installation can be more difficult (users often > > have issues > > > > getting > > > > > their external CA to properly sign the IPA CSR), > > dealing > > > with > > > > a longer > > > > > certificate chain and being bound by the > > expiration date > > > of the > > > > > external CA. > > > > > > > > > > rob > > > > > > > > > > > > > > > > > On Fri, Oct 11, 2019 at 9:47 AM François Cami > > > > <fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>> > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>>> > > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>> > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>>>> > > > > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> <mailto:fcami@redhat.com <mailto:fcami@redhat.com> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>> > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>>> > > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>> > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>>>>> > > > > > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>>> > > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>> > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>>>> > > > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>> > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>>> > > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>> > > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>> > <mailto:fcami@redhat.com <mailto:fcami@redhat.com> <mailto:fcami@redhat.com <mailto:fcami@redhat.com>>>>>>>> wrote: > > > > > > > > > > > > Hi, > > > > > > > > > > > > On Fri, Oct 11, 2019 at 5:34 PM Kristian > > Petersen via > > > > > FreeIPA-users > > > > > > <freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>>> > > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>>>> > > > > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>>> > > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>>>>>> wrote: > > > > > > > > > > > > > > Hey y'all, > > > > > > > > > > > > > > What are the pros and cons of using and > > external or > > > > internal CA > > > > > > for FreeIPA/IdM? I am trying to > decide which to > > > do but > > > > having > > > > > > trouble finding a lot of info about > why I would > > > want to > > > > do one or > > > > > > the other. > > > > > > > > > > > > The choices are documented there: > > > > > > > > > > > > > > > > > > > > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/install-server > > > > > > > > > > > > François > > > > > > > > > > > > > Thanks in advance! > > > > > > > > > > > > > > -- > > > > > > > Kristian Petersen > > > > > > > System Administrator > > > > > > > BYU Dept. of Chemistry and Biochemistry > > > > > > > > > _______________________________________________ > > > > > > > FreeIPA-users mailing list -- > > > > > freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>>> > > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>>>> > > > > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>>> > > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>>>>> > > > > > > > To unsubscribe send an email to > > > > > > > freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>>> > > > > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>>>> > > > > > > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>>> > > > > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>>>>> > > > > > > > Fedora Code of Conduct: > > > > > > > > > > > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > > > > > List Guidelines: > > > > > > > > https://fedoraproject.org/wiki/Mailing_list_guidelines > > > > > > > List Archives: > > > > > > > > > > > > > > > > > > > > > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > Kristian Petersen > > > > > > System Administrator > > > > > > BYU Dept. of Chemistry and Biochemistry > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > FreeIPA-users mailing list -- > > > > freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>>> > > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>>>> > > > > > > To unsubscribe send an email to > > > > > freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>>> > > > > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>> > > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>>>>> > > > > > > Fedora Code of Conduct: > > > > > > > > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > > > > List Guidelines: > > > > > > https://fedoraproject.org/wiki/Mailing_list_guidelines > > > > > > List Archives: > > > > > > > > > > > > > > > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Kristian Petersen > > > > > System Administrator > > > > > BYU Dept. of Chemistry and Biochemistry > > > > > > > > > > > > > > > > -- > > > > Kristian Petersen > > > > System Administrator > > > > BYU Dept. of Chemistry and Biochemistry > > > > > > > > > > > > -- > > > Kristian Petersen > > > System Administrator > > > BYU Dept. of Chemistry and Biochemistry > > > > > > > > > _______________________________________________ > > > FreeIPA-users mailing list -- > freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> > > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> > > > To unsubscribe send an email to > > freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> > > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> > > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > List Guidelines: > > https://fedoraproject.org/wiki/Mailing_list_guidelines > > > List Archives: > > > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > > > > > > > > > > > -- > > Kristian Petersen > > System Administrator > > BYU Dept. of Chemistry and Biochemistry > > > > -- > Kristian Petersen > System Administrator > BYU Dept. of Chemistry and Biochemistry
-- Kristian Petersen System Administrator BYU Dept. of Chemistry and Biochemistry
freeipa-users@lists.fedorahosted.org