[Freeipa-devel] design review: Certificate Profiles
Milan Kubik
mkubik at redhat.com
Fri Apr 17 12:21:16 UTC 2015
On 04/16/2015 10:03 AM, Fraser Tweedale wrote:
> Hi everyone,
>
> Please review my Certificate Profiles design proposal:
> http://www.freeipa.org/page/V4/Certificate_Profiles
>
> Let me know what is unclear, what needs expansion, and what is plain
> wrong :)
>
> The schema for storing multiple certificates for a principal is
> still being discussed but I expect it will be agreed soon, and I
> will add it to the document.
>
> I am revising the sub-CAs design proposal and it will soon be
> published for review as well.
>
> Cheers,
> Fraser
>
Hello Fraser,
I will reiterate one of my concernes from our private mails here for the
wider audience :)
I'd really like to have a way how to list the profiles managed by IPA
other than using
the dogtag REST API directly. Simple wrapper around the api call for
/ca/rest/profiles[/$id[/raw]]
endpoints returning a list of IDs [and dumping the profile to file] for
the sake of consistency,
since other endpoints are wrapped by ipa commands, would be sufficient
for me.
This can be also used to query the information (at least the list of
IDs) when used in the web UI.
I don't know how exactly dogtag is wired into IPA (I've seen that there
is separate suffix
on the DS instance) and I don't really need to duplicate any data into
the defaultNamingContext
and its subtree.
Cheers,
Milan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150417/5369fa21/attachment.htm>
More information about the Freeipa-devel
mailing list