If the SP machine is enrolled as an IPA client then it should be able to get a certificate from the IPA CA if the service is pre-created.
Add an option to at least try.
This would need a call to ipa service-show HTTP/hostname to see if the service exists. If it does then have certmonger get one.
hostname
If we want to get really fancy the client installer could prompt to continue or not. If continue (or we don't ask) then it would generate a self-signed cert like it does today.
Fields changed
design_link: => milestone: => Backlog
Metadata Update from @nkinder: - Issue set to the milestone: Backlog
Log in to comment on this ticket.