Bug 488905 - Document option to automatically create service principal and/or certs when a new service is set up (later than machine join)
Status: CLOSED DUPLICATE of bug 646214
Product: freeIPA
Classification: Community
Component: Documentation
All Linux
medium Severity medium
: v2 release
Assigned To: David O'Brien
Chandrasekar Kannan
: Documentation
Blocks: 431020 freeipa20 489811 646214 646217
Reported: 2009-03-06 00:26 EST by David O'Brien
Modified: 2015-01-04 18:37 EST (History)
Doc Type: Bug Fix
Clone Of:
: 646214
Last Closed: 2010-11-28 22:25:49 EST
Description David O'Brien 2009-03-06 00:26:24 EST
Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 David O'Brien 2009-03-08 17:55:26 EDT
Version set to 1.1 by mistake. Resetting to 2.0.
Comment 2 David O'Brien 2010-01-31 23:48:12 EST
mailed the list for info
Comment 3 Rob Crittenden 2010-02-01 10:45:20 EST
Not sure I understand the topic. Creating services/certs is always going to have some amount of manual intervention after the initial realm join.

You first have to ensure that the host exists (which it should if it has joined the realm): ipa host-show ipa.example.com

To create a service: ipa service-add test/ipa.example.com

To request a certificate for that service: ipa cert-request --principal=test/ipa.example.com example.csr

Note that you can use --add to create the service when the certificate is requested. example.csr is a file containing the certificate request.

Another alternative is to use certmonger to manage the certificate request process for you: ipa-getcert request -d /etc/pki/nssdb -n Server-Cert

/etc/pki/nssdb is the global NSS database.
Server-Cert is the nickname of this certificate, which needs to be unique in that database. There is nothing magical about this name; it can be anything.

Use ipa-getcert list to show the current status of certificates managed by certmonger
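
The manual sequence from comment 3 (confirm the host, produce the CSR, request the certificate with --add) as a script. This is an added example, not part of the comment above or of FreeIPA's own code; the RUN dry-run switch, the function names, the RSA 2048 key and the file naming are assumptions.

```shell
#!/bin/sh
# Added example, not from the bug report. RUN is a hypothetical dry-run
# switch: the default "echo" prints each command; export RUN="" on an
# enrolled client with a Kerberos ticket to execute them.
RUN="${RUN-echo}"

# Split "service/fqdn" into SVC and HOST; reject anything else so a typo
# cannot request a certificate for an unintended principal.
parse_principal() {
    case "$1" in
        */*) SVC="${1%%/*}"; HOST="${1#*/}" ;;
        *) return 1 ;;
    esac
    case "$SVC" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    case "$HOST" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
        *.*) return 0 ;;          # must look like an FQDN
    esac
    return 1
}

# Usage: enroll_service <service/fqdn> <output-dir>
enroll_service() {
    parse_principal "$1" || { echo "bad principal: $1" >&2; return 2; }
    key="$2/$SVC.key"; csr="$2/$SVC.csr"   # assumed file naming

    # 1. The host entry must already exist (true after a realm join).
    $RUN ipa host-show "$HOST" || return 1

    # 2. Build the CSR file. umask 077 keeps the unencrypted private key
    #    readable by its owner only. RSA 2048 is an assumption.
    ( umask 077
      $RUN openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$key" -out "$csr" -subj "/CN=$HOST" ) || return 1

    # 3. --add creates the service entry if it is missing, so no separate
    #    "ipa service-add" call is needed.
    $RUN ipa cert-request --add --principal="$1" "$csr"
}

# Executes only when a principal is given on the command line.
if [ "$#" -ge 1 ]; then
    enroll_service "$1" "${2:-.}"
fi
```

With the default RUN=echo the script only prints the three commands, which allows the principal and file paths to be reviewed before anything is sent to the IPA server.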
Comment 5 David O'Brien 2010-11-28 22:25:49 EST

*** This bug has been marked as a duplicate of bug 646214 ***
