Bug 1639441

Summary: bundle CA profile for subordinate CAs into ipa/IdM
Product: Red Hat Enterprise Linux 7 Reporter: jzaher
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED WONTFIX QA Contact: ipa-qe <ipa-qe>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.6CC: abokovoy, ftweedal, pvoborni, rcritten, tscherf
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-11-05 08:53:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description jzaher 2018-10-15 18:06:31 UTC 
Description of problem:

Signing a subordinate CA's CSR in IdM is difficult and requires tinkering.  This functionality should be built in and present with the product.  Please bundle a subordinate CA profile like the one described in the following links [1][2] into ipa/IdM.

[1] https://access.redhat.com/solutions/3572691
[2] https://frasertweedale.github.io/blog-redhat/posts/2018-08-21-ipa-subordinate-ca.html


Version-Release number of selected component (if applicable):
RHEL 7

How reproducible:
consistent/100%
Comment 2 Fraser Tweedale 2018-10-19 09:07:05 UTC 
Please read my comments on this RFE in my blog post:
https://frasertweedale.github.io/blog-redhat/posts/2018-10-19-ipa-sub-ca-profile.html.

The the reasons outlined there I'm inclined to close this WONTFIX,
but would like additional opinions (including CEE's).
Comment 3 Alexander Bokovoy 2018-11-05 08:53:06 UTC 
Closing as WONTFIX according to comment 2. If you disagree, please provide arguments for another action.