[Freeipa-users] Certificate Issues

[Orion Poplawski]

This is a followup to some previous discussions.  I have been lobbying to keep 
(and fix) the ability to install your own certificates when configuring IPA in 
order to make use of wildcard SSL certificates.  But it seems this will not be 
the case.  My last post on this went unanswered and I see tickets for the 
removal going forward.

As I understand it though, I'll still be able to generate a CSR for the server 
and get it signed by and external CA?  If this is the case, I guess this extra 
expense of individual SSL certificates for the various IPA servers could be 
acceptable, although unfortunate as this is what we had hoped to avoid with 
the wildcard cert.

Finally, there was mention of the possibility of getting the IPA CA signed by 
an external authority.  Just to let everyone know, this is a very expensive 
proposition.  I was quoted a $22,500 start fee plus licensing costs.  This is 
*way* out of our (and I suspect many other small businesses) price range.

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                   http://www.nwra.com