[Freeipa-devel] [PATCHES] 0210-0213 Drop selfsign server functionality
Petr Viktorin
pviktori at redhat.com
Thu Apr 4 15:15:15 UTC 2013
Hello,
These patches convert selfsign masters to CA-less on upgrade, and remove
all selfsign-related code
The files the CA uses are left around for admins to pick up cert
management manually. Instructions for that are provided in the design
document. They pretty much just document what the selfsign CA did.
Removing the automation may seem like a step backwards, but when the
steps are just a wiki page, the admins can adjust for their needs (e.g.
issue wildcart certs). For an automated solution we have Dogtag.
Design: http://freeipa.org/page/V3/Drop_selfsign_functionality
Ticket: https://fedorahosted.org/freeipa/ticket/3494
(Note that removing the --selfsign *option*, not functionality, has a
separate ticket and design doc.)
--
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0210-Uninstall-selfsign-CA-on-upgrade.patch
Type: text/x-patch
Size: 5782 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130404/89efb844/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0211-Remove-obsolete-self-sign-references-from-man-pages-.patch
Type: text/x-patch
Size: 6039 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130404/89efb844/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0212-Drop-selfsign-server-functionality.patch
Type: text/x-patch
Size: 55265 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130404/89efb844/attachment-0002.bin>
More information about the Freeipa-devel
mailing list