[Freeipa-devel] [freeipa PR#526][comment] server install: do not attempt to issue PKINIT cert in CA-less
HonzaCholasta
freeipa-github-notification at redhat.com
Wed Mar 1 15:46:54 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: do not attempt to issue PKINIT cert in CA-less
HonzaCholasta commented:
"""
Updated the PR to also handle CA-less server upgrade.
@abbra, I'm not opposed to the idea of using the local CA to issue the KDC cert, but if we agree to use it, we should use it in both CA-less and CA-ful - if the CA does not need to be trusted as you say, using the IPA CA in CA-ful is meaningless and only adds unnecesary complexity.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/526#issuecomment-283377523
More information about the Freeipa-devel
mailing list