In a future, we would like to support 2 flavors of certificate management in IPA:
Installation with --selfsign (selfsigned certificate managed in local NSS database on server) is rather troublesome and not even supported - it should be dropped.
Related ticket: #3363 (fixing --http_pkcs12 & friends). We should fix both at the same time.
Related ticket: #3360. We should make sure we cover it as well.
This also involves:
I've opened ticket https://fedorahosted.org/freeipa/ticket/3534 for removing the --selfsign option, making it impossible to install new selfsign masters. This one will track the converting and removal of functionality.
Metadata Update from @mkosek:
- Issue assigned to pviktori
- Issue set to the milestone: FreeIPA 3.2 - 2013/04 (Beta)
to comment on this ticket.