As requested by dkupka - https://www.redhat.com/archives/freeipa-users/2015-September/msg00302.html
We frequently create and destroy IPA managed environments. Currently we use self-signed standalone IPA CAs.
We would like to switch to internally-signed IPA CA certs - which IPA does support. However, the install process is two step, which isn't great for automated use.
Since certmonger is being used for the CSR generation process, it should be possible to use it to submit the CSR to a remote server (Dogtag in my case), and have it handle the certificate request process automatically - no 2 step necessary.
Duplicate of #5317.
I was asked to create two tickets, as these are two different features - however, either would solve our particular problem.
https://www.redhat.com/archives/freeipa-users/2015-September/msg00311.html
That does not really matter - either way, this will be done using certmonger.
If you actually want to use a private key from a PKCS#12 file to sign the IPA CA certificate, file a certmonger ticket to support PKCS#12 files as storage. Currently it supports PEM files and NSS databases.
The discussion can continue in ticket #5317.
Metadata Update from @jamesmasson: - Issue assigned to someone - Issue set to the milestone: 0.0 NEEDS_TRIAGE
Login to comment on this ticket.