Description of problem: When a machine is joined to IPA domain, getting a new certificate is pretty easy, all that's needed is to issue this command: ipa-getcert request -f /etc/pki/tls/certs/localhost.crt -k /etc/pki/tls/private/localhost.key -r The result will be a new certificate in specified locations directly usable by mod_ssl in a matter of seconds. The certificate will also get auto-renewed when it will be about to expire. No further authentication is needed either. Because of all of these, it would be nice for engine-setup to include an option to request a web certificate from IPA as a part of setup process. Version-Release number of selected component (if applicable): oVirt 3.6
this may be dup of bug#1134219, although it will provide limited set of options. we do not replace sysadmin, configuration of apache ssl is optional, sysadmin can configure it in any way he wishes, engine setup does not enforce anything. in your sequence you can instruct engine not to configure apache ssl and use the command provided in order to configure it. so I would have closed this as wontfix.
This would be a tiny subset of bug 1134219 and possibly of IPA integration. I know I can instruct not to configure ssl and finish it by myself but this seems so easy on setup part (try the command and print result) that it's worth to have it without any other bits in place.
(In reply to David Jaša from comment #2) >that it's worth to have it without any other bits in place. no it is not. we should focus in our product. sysadmin are paid for a reason.
(In reply to David Jaša from comment #2) > This would be a tiny subset of bug 1134219 and possibly of IPA integration. > I know I can instruct not to configure ssl and finish it by myself but this > seems so easy on setup part (try the command and print result) that it's > worth to have it without any other bits in place. I prefer (right now) to have a good documented procedure for the integration than invest in developing only this. Closing (for the time being) as WONTFIX until we get more demand for a smooth integration with IPA.