[Freeipa-devel] Multiple CA certificates in LDAP, questions
Dmitri Pal
dpal at redhat.com
Tue Sep 10 15:10:25 UTC 2013
On 09/10/2013 08:49 AM, Simo Sorce wrote:
>
> What if there is no IPA CA (CA-less)? Should we assume that the user has
> their own CA in control and allow only certs signed by that single CA?
>
> Regarding SNI, it apparently is not supported in server-side NSS
> (https://bugzilla.mozilla.org/show_bug.cgi?id=360421)
> We need to either push for a solution to this or allow to switch to
> mod_ssl.
Jan Pazdziora investigated us switching to mod_ssl. It is not trivial.
Also I would check with Kai. Based on his last comment in the bug there
might be some work happening there.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-devel
mailing list