[Freeipa-devel] [freeipa PR#526][comment] server install: properly handle PKINIT-related options
abbra
freeipa-github-notification at redhat.com
Wed Mar 1 12:26:25 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: properly handle PKINIT-related options
abbra commented:
"""
No, you are wrong. Certmonger has own local self-signed CA in all installs:
# getcert list-cas
....
CA 'local':
is-default: no
ca-type: EXTERNAL
helper-location: /usr/libexec/certmonger/local-submit
This is what can and should be used for self-signed case for PKINIT.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/526#issuecomment-283327044
More information about the Freeipa-devel
mailing list