Freeipa Generate New Host Key

  • May 21, 2017  Overview Last updated 2018-05-17 If you want to serve webpages with ssl certificates that have Subject Alternative Names, and you use FreeIPA, you will need to take a few steps to make this possible. If you got to this page, you probably already know the importance of SAN on a cert. This document will demonstrate.
  • The page instructs that the ipa-getkeytab command be run on the FreeIPA server to generate a keytab (which I assume contains a new host principal key) for a Windows machine being kerberized. At no point in the instructions does it say anything about copying that generated keytab over to.

How do I create a host key file to use with my applications as I can not use system defined /etc/ssh/ssh_host_rsa_key for non-root account under Linux / Unix / Apple OS X / *BSD operating systems?
You need to use a command called ssh-keygen. This command generates, manages and converts authentication keys for ssh. It can create RSA keys for use by SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2. The type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 connections. The -f option specifies the filename of the key file.

Aug 24, 2014 6 thoughts on “ Creating certs and keys for services using FreeIPA (Dogtag) ” Karl 24 July, 2015 at 7:14 pm. Thanks a lot!! You can add -w -v to ipa-getcert, useful on problem.

Why create new host key files?

You may need a new key file:

  1. Your system is compromised.
  2. Your keys are stolen.
  3. You have forgotten the passphrase.
  4. Your application needs a new host key.
  5. You cannot read the default system key files stored in the /etc/ssh/ directory, but your non-root application needs a key.
  6. You got an error message which reads “Could not load host key: /etc/ssh/ssh_host_key*”.

ssh-keygen Syntax

The syntax is:

Example

Create a host key file in your $HOME/.ssh/myapp as follows. First, create a directory to store your host key file, enter:
$ mkdir -p $HOME/.ssh/myapp
To create a host RSAv2 key file, run:
$ ssh-keygen -t rsa -f $HOME/.ssh/myapp/rsa_key_file
Sample outputs:

Type the following commands to verify the keys:
$ ls -l $HOME/.ssh/myapp/
Sample outputs:

You can now use keys with your app:
$ mycool-app -key $HOME/.ssh/myapp/rsa_key_file -d
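
The steps above as an added shell example (not from the original article): it creates the key directory with owner-only permissions, refuses to overwrite an existing key, and checks the resulting modes. The function names and the empty passphrase (-N '') are assumptions made for an application that loads the key unattended.

```shell
#!/bin/sh
# Added example: per-application host key with permission checks.
# Function names are illustrative; they do not come from the original page.
# Usage: make_app_hostkey "$HOME/.ssh/myapp" rsa_key_file

# Return 0 only if the path grants nothing to group and other.
# Parses the mode string from ls, so it works on Linux, *BSD and macOS.
private_to_owner() {
    [ -e "$1" ] || return 2
    mode=$(ls -ld "$1" | cut -c5-10)   # the six group/other permission flags
    [ "$mode" = "------" ]
}

# Generate an RSA key pair at $1/$2 without replacing an existing key.
make_app_hostkey() {
    dir=$1
    key=$1/$2
    if ! command -v ssh-keygen >/dev/null 2>&1; then
        echo "ssh-keygen not found" >&2
        return 127
    fi
    if [ -e "$key" ]; then
        echo "refusing to overwrite $key" >&2
        return 1
    fi
    (
        umask 077                      # anything created here is owner-only
        mkdir -p "$dir" && chmod 700 "$dir" &&
        # Assumption: -N '' (no passphrase) so a daemon can load the key unattended.
        ssh-keygen -q -t rsa -N '' -f "$key"
    ) || return 1
    # Fail if the directory or the private key ended up readable by others.
    private_to_owner "$dir" && private_to_owner "$key"
}

# Print the public key fingerprint so clients can record or pin it.
show_fingerprint() {
    ssh-keygen -l -f "$1.pub"
}
```
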
