9:17 p.m.
I have a manjorao desktop in the environment that i need to be able to access the freeipa
based systems and not get cert errors every where. I will probably attempt to build the
client on that system in the future but right now i just need the certs freeipa made to be
valid.
how does one go about exporting the root cert and then importing it in a way chrome will
accept its validity or is that a matter of getting the enterprise tools to force it to
work?
9:56 a.m.
New subject: add freeipa root cert to chrome on a non ipa client system.
Kendrick . via FreeIPA-users wrote:
I have a manjorao desktop in the environment that i need to be able
to access the freeipa based systems and not get cert errors every where. I will probably
attempt to build the client on that system in the future but right now i just need the
certs freeipa made to be valid.
how does one go about exporting the root cert and then importing it in a way chrome will
accept its validity or is that a matter of getting the enterprise tools to force it to
work?
The trick is in distributing it securely. It is available in an insecure
way from http://<YOUR_IPA_MASTER>/ipa/config/ca.crt. Chrome may even
install the CA locally if you hit that directly.
I don't know how Manjaro handles a centralized CA bundle but I imagine
in a similar way as Ubuntu:
sudo cp ca.crt /usr/local/share/ca-certificates/ipa.pem
sudo update-ca-certificates
rob
1501
days inactive
1501
days old
freeipa-users@lists.fedorahosted.org
1 comments
2 participants
participants (2)
-
Kendrick . -
Rob Crittenden