[Freeipa-devel] [freeipa PR#526][comment] server install: properly handle PKINIT-related options

abbra Wed, 01 Mar 2017 04:32:55 -0800

  URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: properly handle PKINIT-related options


abbra commented:
"""
No, you are wrong. Certmonger has own local self-signed CA in all installs:

    # getcert list-cas
      ....
     CA 'local':
         is-default: no
         ca-type: EXTERNAL
         helper-location: /usr/libexec/certmonger/local-submit

This is what can and should be used for self-signed case for PKINIT.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/526#issuecomment-283327044

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#526][comment] server install: properly handle PKINIT-related options

Reply via email to