Hi everybody.
I am back in charge of some FreeIPA servers and would like to check for the best documentation on upgrading FreeIPA to use TLS.
I have found: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16....
Is this the best I can find?
Any hints, please?
Many thanks
Marcelo
On Mon, Sep 25, 2023 at 04:05:33PM -0000, Marcelo Carvalho via FreeIPA-users wrote:
> Hi everybody.
> I am back in charge of some FreeIPA servers and would like to check for the best documentation on upgrading FreeIPA to use TLS.
Why do you think FreeIPA isn't using TLS? How do you check?
Hi Tomasz.
This was a question I asked myself, and to my understanding TLS has been in use, but I need confirmation.
Please, how can we confirm that TLS is being used?
Can you please advise?
Many thanks
Marcelo
I have downloaded and used cipherscan
./cipherscan.txt 127.0.0.1
I believe this does it. Correct?
Please advise.
Many thanks
Marcelo
Marcelo Carvalho via FreeIPA-users wrote:
> I have downloaded and used cipherscan
> ./cipherscan.txt 127.0.0.1
> I believe this does it. Correct?
You don't need to scan all the available ciphers unless you want to do that as well. If you just want to verify that the IPA servers have TLS listeners you can run:
    for port in 443 636 8443
    do
        openssl s_client -connect "$(hostname):$port" < /dev/null
    done
And verify in the output that all three ports had successful connections.
It's still unclear what you're worried about. Are you concerned that someone actively disabled TLS?
rob
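Added example, not part of the thread or of FreeIPA itself: the same three-port check from the reply above, reduced to a pass/fail line per port by reading the `New, <protocol>, Cipher is <cipher>` summary line that `openssl s_client` prints. The function names `tls_summary` and `check_ipa_tls` and the two sample lines are assumptions made up for this sketch.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not FreeIPA tooling.

# Constructed sample lines in the form s_client prints (not from a real server).
SAMPLE_OK='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384'
SAMPLE_FAIL='New, (NONE), Cipher is (NONE)'

# Read s_client output on stdin. Print "<protocol> <cipher>" if a handshake
# completed; return 1 if no summary line exists or it reports (NONE).
tls_summary() {
    awk -F', ' '/^New, .*Cipher is / {
        proto = $2
        cipher = $3; sub(/^Cipher is /, "", cipher)
        found = 1
    }
    END {
        if (!found || proto == "(NONE)" || cipher == "(NONE)") exit 1
        print proto, cipher
    }'
}

# Check the three ports named in the reply (443, 636, 8443) on one host.
# Returns 0 only if every port completed a TLS handshake.
check_ipa_tls() {
    host=${1:-$(hostname)}
    rc=0
    for port in 443 636 8443; do
        if result=$(openssl s_client -connect "$host:$port" </dev/null 2>/dev/null | tls_summary); then
            echo "$host:$port OK $result"
        else
            echo "$host:$port FAILED (no TLS handshake)"
            rc=1
        fi
    done
    return $rc
}
```

Source the file on the IPA server and run `check_ipa_tls`, optionally passing a hostname; a non-zero return means at least one port did not complete a handshake.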