Bug 1381379

Summary: Merging subordinate CA and external CA installation
Product: Red Hat Enterprise Linux 7 Reporter: Matthew Harmsen <mharmsen>
Component: pki-coreAssignee: RHCS Maintainers <rhcs-maint>
Status: CLOSED UPSTREAM QA Contact: Asha Akkiangady <aakkiang>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3   
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-31 01:51:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Matthew Harmsen 2016-10-03 22:46:47 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/pki/ticket/2491

Dogtag supports the following installation cases:

* subordinate CA (1 step)
* external CA (2 steps)

In the subordinate CA case, the new CA has an option whether to join the existing security domain or to create a new security domain.

In the external CA case, if the parent CA is Dogtag, the new CA should have the same option as well.

To reduce code maintenance, it might be possible to merge the code for these cases. The subordinate CA install would be an automated 1-step process, while the external CA install would be a manual 2-step process. The difference is whether to sign the CSR automatically or manually.
Comment 1 Matthew Harmsen 2016-10-04 20:45:41 UTC 
Per PKI Bug Council Meeting of 10/04/2016: 7.4