Bug 1731483 - RFE: Ship a default profile and support using custom profiles for use when creating sub-CA signing certs
Summary: RFE: Ship a default profile and support using custom profiles for use when cr...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ipa
Version: 8.0
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: rc
: ---
Assignee: Thomas Woerner
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-19 13:55 UTC by dminnich
Modified: 2021-01-27 14:57 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-01-27 14:57:03 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)

Description dminnich 2019-07-19 13:55:45 UTC
Description of problem:

I'd like the ability to to set pathlen on subcas.  I can also imagine use cases where I'd want to set Validity lengths or NameConstraints differently on per sub-ca basis.  

My thought is it would be cool if ipa ca-add supported a --profile-id  in the same way ipa cert-request does.  It would default to some profile you ship similar to caIPAserviceCert.   If I wanted something else I could easily download, edit and upload the custom profile, then tell ca-add to use it.

Version-Release number of selected component (if applicable):
ipa-server-4.6.4-10.el7_6.2.x86_64

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 6 Petr Vobornik 2021-01-27 14:57:03 UTC
This BZ has been evaluated multiple times over the last several years and we assessed that it is a valuable request to keep in the backlog and address it at some point in future. Time showed that we did not have such capacity, nor have it now nor will have in the foreseeable future. In such a situation keeping it in the backlog is misleading and setting the wrong expectation that we will be able to address it. Unfortunately we will not. To reflect this we are closing this BZ. If you disagree with the decision please reopen or open a new support case and create a new BZ. However this does not guarantee that the request will not be closed during the triage as we are currently applying much more rigor to what we actually can accomplish in the foreseeable future. Contributions and collaboration in the upstream community and CentOS Stream is always welcome!
Thank you for understanding
Red Hat Enterprise Linux Identity Management Team


Note You need to log in before you can comment on or make changes to this bug.