URL: https://github.com/freeipa/freeipa/pull/526 Title: #526: server install: do not attempt to issue PKINIT cert in CA-less
HonzaCholasta commented: """ Updated the PR to also handle CA-less server upgrade. @abbra, I'm not opposed to the idea of using the local CA to issue the KDC cert, but if we agree to use it, we should use it in both CA-less and CA-ful - if the CA does not need to be trusted as you say, using the IPA CA in CA-ful is meaningless and only adds unnecessary complexity. """ See the full comment at https://github.com/freeipa/freeipa/pull/526#issuecomment-283377523