[Freeipa-users] Certificate Issues
Orion Poplawski
orion at cora.nwra.com
Tue Feb 19 21:38:48 UTC 2013
This is a followup to some previous discussions. I have been lobbying to keep
(and fix) the ability to install your own certificates when configuring IPA in
order to make use of wildcard SSL certificates. But it seems this will not be
the case. My last post on this went unanswered and I see tickets for the
removal going forward.
As I understand it though, I'll still be able to generate a CSR for the server
and get it signed by and external CA? If this is the case, I guess this extra
expense of individual SSL certificates for the various IPA servers could be
acceptable, although unfortunate as this is what we had hoped to avoid with
the wildcard cert.
Finally, there was mention of the possibility of getting the IPA CA signed by
an external authority. Just to let everyone know, this is a very expensive
proposition. I was quoted a $22,500 start fee plus licensing costs. This is
*way* out of our (and I suspect many other small businesses) price range.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 http://www.nwra.com
More information about the Freeipa-users
mailing list