[Freeipa-devel] [freeipa PR#337][comment] Client-side CSR autogeneration (take 2)
HonzaCholasta
freeipa-github-notification at redhat.com
Mon Jan 23 11:26:05 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/337
Title: #337: Client-side CSR autogeneration (take 2)
HonzaCholasta commented:
"""
@LiptonB, there's still one issue which I'd like to be resolved in this PR, and that's that currently CSR templates are tied to certificate profiles. IMO this needs to be changed, as certificate profiles in IPA are Dogtag-specific, but Dogtag is not required to generate CSRs with this feature, and it should be possible to use this feature even in CA-less mode when Dogtag is not installed and certificate profiles are not available. Luckily this PR has no hard dependency on certificate profiles, with the exception of the `validate_profile_id()` call and the inclusion of the `userCert` profile, both of which I would like to be removed before the PR is merged.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/337#issuecomment-274463063
More information about the Freeipa-devel
mailing list