[Freeipa-devel] [PATCH 0001] ipa-server-certinstall should not tell certmonger to track 3rd party certificates
Jan Cholasta
jcholast at redhat.com
Wed Jan 13 06:47:13 UTC 2016
Hi Thorsten,
thanks for the patch, but unfortunately it isn't as simple as this - if
the provided certificate was issued by our CA, we should still track it.
As part of installer improvements in 4.4, we plan to always track all
certificates, even 3rd party ones (this way we can have the same
certmonger configuration everywhere, plus the user will be at least
warned when the certificate is about to expire), which will also fix
this issue.
Does that sound OK?
Honza
--
Jan Cholasta
More information about the Freeipa-devel
mailing list