In a future, we would like to support 2 flavors of certificate management in IPA:
--external-ca
--dirsrv_pkcs12
--http_pkcs12
Installation with --selfsign (selfsigned certificate managed in local NSS database on server) is rather troublesome and not even supported - it should be dropped.
--selfsign
Related ticket: #3363 (fixing --http_pkcs12 & friends). We should fix both at the same time.
Related ticket: #3360. We should make sure we cover it as well.
This also involves:
I've opened ticket https://fedorahosted.org/freeipa/ticket/3534 for removing the --selfsign option, making it impossible to install new selfsign masters. This one will track the converting and removal of functionality.
master:[[br]] e736e75[[br]] 006ab23[[br]] 4e3c105[[br]]
Metadata Update from @mkosek: - Issue assigned to pviktori - Issue set to the milestone: FreeIPA 3.2 - 2013/04 (Beta)
Login to comment on this ticket.