The DS and HTTP certs specified in CA-less server install with --dirsrv-cert-file and --http-cert-file must currently be issued by the same CA. This is an artificial limitation, as FreeIPA supports multiple CA certificates since 4.1.
Remove the limitation and allow different CAs for DS and HTTP certs.
Metadata Update from @jcholast:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog
to comment on this ticket.