Bug 1639441 - bundle CA profile for subordinate CAs into ipa/IdM
Summary: bundle CA profile for subordinate CAs into ipa/IdM
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa   
(Show other bugs)
Version: 7.6
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: ipa-qe
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-10-15 18:06 UTC by jzaher
Modified: 2018-11-05 17:24 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-11-05 08:53:06 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description jzaher 2018-10-15 18:06:31 UTC
Description of problem:

Signing a subordinate CA's CSR in IdM is difficult and requires tinkering.  This functionality should be built in and present with the product.  Please bundle a subordinate CA profile like the one described in the following links [1][2] into ipa/IdM.

[1] https://access.redhat.com/solutions/3572691
[2] https://frasertweedale.github.io/blog-redhat/posts/2018-08-21-ipa-subordinate-ca.html


Version-Release number of selected component (if applicable):
RHEL 7

How reproducible:
consistent/100%

Comment 2 Fraser Tweedale 2018-10-19 09:07:05 UTC
Please read my comments on this RFE in my blog post:
https://frasertweedale.github.io/blog-redhat/posts/2018-10-19-ipa-sub-ca-profile.html.

The the reasons outlined there I'm inclined to close this WONTFIX,
but would like additional opinions (including CEE's).

Comment 3 Alexander Bokovoy 2018-11-05 08:53:06 UTC
Closing as WONTFIX according to comment 2. If you disagree, please provide arguments for another action.


Note You need to log in before you can comment on or make changes to this bug.