[Freeipa-users] Heads-up: Removing self-sign CA
Christian Horn
chorn at fluxcoil.net
Thu Mar 28 08:10:45 UTC 2013
Hi,
On Tue, Mar 26, 2013 at 05:02:34PM +0100, Petr Viktorin wrote:
>
> We will soon be introducing a way to install IPA with custom
> certificates without a CA at all. When that is merged, it will no
> longer be possible to install a self-sign server.
I see that the change in functionality is in line with generic
unix principles, linux distros have already tools to create and
manage own, self signed CA's.
Yet from what I understand, this change will make all test setups
more complicated.
One has then by oneself to deploy an own CA (i.e. with the openssl
tools) and have it sign the IPA cert.
Christian
More information about the Freeipa-users
mailing list