#4938 [RFE] Allow issuing certificates for user accounts
Closed: Fixed None Opened 9 years ago by mkosek.

Currently, certificates can be issued only for hosts and services. For some of the use cases, like authentication of services with SSL certificates (example freeipa-users request), FreeIPA should be able to also issue certificate for (system) users.

FreeIPA should be able to issue the certificates for both standard POSIX users and for system users (users with limited objectclasses and no password expiration policy).

Prerequisites: multiple cert profiles (#57), system users API (#2801).


The system should be able to get user certificates either by certmonger or FreeIPA API. Certmonger already support different profiles but IPA throws it away.

This is already planned for FreeIPA 4.2, part of Fraser's work on (#57).

master:

  • c09bd35 Add generic split_any_principal method
  • 979947f Add usercertificate attribute to user plugin
  • a931d3e Update cert-request to support user certs and profiles

The functionality is there. From now on, the feature is in bugfixing mode.

Metadata Update from @mkosek:
- Issue assigned to ftweedal
- Issue set to the milestone: FreeIPA 4.2

7 years ago

Login to comment on this ticket.

Metadata