#5092 certprofile: add option or command to copy a profile
Opened 3 years ago by ftweedal. Modified 2 years ago

Add a --copy' option to certprofile-import, or a separate commandcertprofile-copy',
to make a copy of an existing profile.

An `--output' option (#5091) will make it possible for users to accomplish this, with
additional steps, so this is somewhat less important.

It's very difficult for users to make any sense of profile configuration files. Users need to copy the certificate profiles from /var/lib/pki/pki-tomcatd/ca/profile/ca

Instead it would be nice if there is a option called --template:
ipa certprofile-import --desc="Manual User Dual-Use Certificate Enrollment" --template=user --store=False

ftweedal: Yes, the profile configuration is awful - there are long term plans for a friendlier "profile builder" feature but that will not help current users.

--template concept is feasible, but there is not actually any templating - perhaps --copy <existing-profile-id> argument or even separate command certprofile-copy is clearer?

Niranjan: okay looks good to me.

FreeIPA 4.2.1 was released, moving to 4.2.x.

Metadata Update from @ftweedal:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog

2 years ago

Login to comment on this ticket.