Add options to getcert to dictate where we'll save a copy of a root certificate and possible chain certificates, once we start caching and refreshing them.
For maximum flexibility, we'll want to supply options for both alongside-a-certificate handling and general not-related-to-an-issued-certificate cases that will let consumers of certificates specify where the CA and intermediate certificates should be stored. For not-related-to-an-issued-certificate cases, we'll probably have to add options for adding and removing locations from lists of storage locations that we keep for given known CAs.
For the sake of cases where we're not also managing a specific certificate, we'll need to be able to handle pre-save and post-save commands to avoid locking-related problems with NSS databases and to be able to force re-reads of CA information after we write it.
The new -a and -F options should be available in 0.75 and later. There's support for more internally, but for now we're only concerning ourselves with roots for the CAs themselves.
CA certificate retrieval is implemented for 'IPA' and 'local'.
Metadata Update from @nalin:
- Issue set to the milestone: 0.76
to comment on this ticket.