#3520 [RFE] Support multiple CA certificates in LDAP
Closed: Fixed None Opened 8 years ago by rcritten.

It is unclear how the case of a cert chain is or should be handled when storing it in LDAP.

We load data as DER files so if multiple are needed for a chain chances are good we will only store one, and which one is unclear.

Whether we store the data as one huge blob or as a multi-valued list is also unclear. The order should not matter as long as they are all trusted.

The idea of replacing or updating a certificate needs to be investigated as well, for the case with a new CA is issued but we want to keep the old one available for posterity.

This affects the client as well as it needs to fetch and store all certificates.


Duplicate of #3259, unless I'm missing something

This is for storing, for example, a renewed CA certificate along with the old one, or for storing the entire cert chain.

Granted that the cert chain isn't necessarily required by SSL clients, it may still be an easier way to distribute the data for any servers that are setting up, which would.

Reassigning to jcholast, as agreed with him.

Moving to current 3.4 month cycle.

3.4 development was shifted for one month, moving tickets to reflect reality better.

Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.

Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.

This ticket is not complete yet, moving to next month milestone.

Adding to list of tickets required for 4.0 release.

There is not enough time to review and test this feature properly for 4.0. Moving to 4.1.

Closed with #3737, see there for the commit list.

Metadata Update from @rcritten:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.1

4 years ago

Login to comment on this ticket.

Metadata