If we're running on a host for virtual guests, we might want to be able to handle the whole CA enrollment/refreshing process for the guests. This might include learning to put the root certificate on the guest's filesystem, probably using libguestfs. This might require adding support for using helpers to do the things we currently just do as a subprocess (generate keys, read key info, generate CSRs, self-sign certificates, store certificates, read certificates) to keep the dependency optional at packaging-time.
New milestone was created for milestone-less tickets.
Metadata Update from @mkosek:
- Issue set to the milestone: 0.0 NEEDS_TRIAGE
to comment on this ticket.