#6223 Support DNSSEC key import / migration from non-IPA DNSSEC solution
Opened 4 years ago by pspacek. Modified a month ago

A Fedora user was able to import DNSSEC keys from non-IPA DNSSEC solution into FreeIPA. This required quite a lot of manual steps and fiddling with values in OpenDNSSEC database:
https://www.redhat.com/archives/freeipa-users/2016-August/msg00278.html

The proces can be made much smoother with just few tweaks in existing FreeIPA & SoftHSM code. We should do this to enable actual DNSSEC users to migrate to FreeIPA, which will make adoption easier.

User story

I'm DNS administrator in an organization which is about to deploy FreeIPA. I want to use FreeIPA DNS to get tight integration and remove some of the maintenance burden from me.

My existing system is using DNSSEC. I want to migrate to FreeIPA and import existing DNSSEC keys so the system continues working after the migration.


Metadata Update from @pspacek:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.5 backlog

4 years ago

Metadata Update from @mbasti:
- Issue assigned to tkrizek (was: mbasti)
- Issue close_status updated to: None

3 years ago

Metadata Update from @tkrizek:
- Assignee reset

2 years ago

Metadata Update from @frenaud:
- Issue set to the milestone: DNSSEC (was: FreeIPA 4.5 backlog)

a month ago

Login to comment on this ticket.

Metadata