I need to assign custom certificate to users.
So I do
# ipa user-add-cert --certificate="$(cat -)" david
and paste the base64 content of client.crt.
The
# ipa user-find --all --raw david | grep userCertificate
shows the certificate is there
userCertificate;binary: MIICrzCCAZeg[... truncated ...]EeI5/ug==
Yet when I refresh the WebUI, looking at the david user, the field
Certificate
still says
No Valid Certificate
This is with ipa-server-4.2.0-3.el7.x86_64.
Things work when I add the certificate using ldapmodify with
changetype: modify add: usercertificate usercertificate:< file:client.der
The difference is that the attribute is {{{userCertificate}}}, not {{{userCertificate;binary}}}.
Also note https://fedorahosted.org/sssd/ticket/2742.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1072383 (Red Hat Enterprise Linux 7)
master:
ipa-4-2:
Metadata Update from @adelton: - Issue assigned to mbabinsk - Issue set to the milestone: FreeIPA 4.2.1
Login to comment on this ticket.