[Freeipa-users] Certificate Issues
Simo Sorce
simo at redhat.com
Tue Feb 19 22:10:27 UTC 2013
On Tue, 2013-02-19 at 14:38 -0700, Orion Poplawski wrote:
> This is a followup to some previous discussions. I have been lobbying to keep
> (and fix) the ability to install your own certificates when configuring IPA in
> order to make use of wildcard SSL certificates. But it seems this will not be
> the case. My last post on this went unanswered and I see tickets for the
> removal going forward.
>
> As I understand it though, I'll still be able to generate a CSR for the server
> and get it signed by and external CA? If this is the case, I guess this extra
> expense of individual SSL certificates for the various IPA servers could be
> acceptable, although unfortunate as this is what we had hoped to avoid with
> the wildcard cert.
>
> Finally, there was mention of the possibility of getting the IPA CA signed by
> an external authority. Just to let everyone know, this is a very expensive
> proposition. I was quoted a $22,500 start fee plus licensing costs. This is
> *way* out of our (and I suspect many other small businesses) price range.
Why would you need to get your CA signed by a public authority ?
When we say external we generally think of another "Internal CA" that
you already use for your own services.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list