Description of problem:
I'd like the ability to to set pathlen on subcas. I can also imagine use cases where I'd want to set Validity lengths or NameConstraints differently on per sub-ca basis.
My thought is it would be cool if ipa ca-add supported a --profile-id in the same way ipa cert-request does. It would default to some profile you ship similar to caIPAserviceCert. If I wanted something else I could easily download, edit and upload the custom profile, then tell ca-add to use it.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
This BZ has been evaluated multiple times over the last several years and we assessed that it is a valuable request to keep in the backlog and address it at some point in future. Time showed that we did not have such capacity, nor have it now nor will have in the foreseeable future. In such a situation keeping it in the backlog is misleading and setting the wrong expectation that we will be able to address it. Unfortunately we will not. To reflect this we are closing this BZ. If you disagree with the decision please reopen or open a new support case and create a new BZ. However this does not guarantee that the request will not be closed during the triage as we are currently applying much more rigor to what we actually can accomplish in the foreseeable future. Contributions and collaboration in the upstream community and CentOS Stream is always welcome!
Thank you for understanding
Red Hat Enterprise Linux Identity Management Team