[Freeipa-users] Certificate Issues

Orion Poplawski orion at cora.nwra.com
Tue Feb 19 22:17:22 UTC 2013


On 02/19/2013 03:10 PM, Simo Sorce wrote:
> On Tue, 2013-02-19 at 14:38 -0700, Orion Poplawski wrote:
>> This is a followup to some previous discussions.  I have been lobbying to keep
>> (and fix) the ability to install your own certificates when configuring IPA in
>> order to make use of wildcard SSL certificates.  But it seems this will not be
>> the case.  My last post on this went unanswered and I see tickets for the
>> removal going forward.
>>
>> As I understand it though, I'll still be able to generate a CSR for the server
>> and get it signed by an external CA?  If this is the case, I guess this extra
>> expense of individual SSL certificates for the various IPA servers could be
>> acceptable, although unfortunate as this is what we had hoped to avoid with
>> the wildcard cert.
>>
>> Finally, there was mention of the possibility of getting the IPA CA signed by
>> an external authority.  Just to let everyone know, this is a very expensive
>> proposition.  I was quoted a $22,500 start fee plus licensing costs.  This is
>> *way* out of our (and I suspect many other small businesses) price range.
>
> Why would you need to get your CA signed by a public authority?
>
> When we say external we generally think of another "Internal CA" that
> you already use for your own services.
>
> Simo.
>
>
https://www.redhat.com/archives/freeipa-users/2013-January/msg00216.html

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                   http://www.nwra.com



