Bug 1731483 - RFE: Ship a default profile and support using custom profiles for use when creating sub-CA signing certs
Summary: RFE: Ship a default profile and support using custom profiles for use when cr...
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ipa
Version: 8.0
Hardware: x86_64
OS: Linux
Target Milestone: rc
: ---
Assignee: Thomas Woerner
QA Contact: ipa-qe
Depends On:
TreeView+ depends on / blocked
Reported: 2019-07-19 13:55 UTC by dminnich
Modified: 2020-02-06 19:57 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

Description dminnich 2019-07-19 13:55:45 UTC
Description of problem:

I'd like the ability to to set pathlen on subcas.  I can also imagine use cases where I'd want to set Validity lengths or NameConstraints differently on per sub-ca basis.  

My thought is it would be cool if ipa ca-add supported a --profile-id  in the same way ipa cert-request does.  It would default to some profile you ship similar to caIPAserviceCert.   If I wanted something else I could easily download, edit and upload the custom profile, then tell ca-add to use it.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Note You need to log in before you can comment on or make changes to this bug.