Bug 1731483 - RFE: Ship a default profile and support using custom profiles for use when creating sub-CA signing certs
Summary: RFE: Ship a default profile and support using custom profiles for use when cr...
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ipa
Version: 8.0
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: rc
: ---
Assignee: Thomas Woerner
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-19 13:55 UTC by dminnich
Modified: 2020-02-06 19:57 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)

Description dminnich 2019-07-19 13:55:45 UTC
Description of problem:

I'd like the ability to to set pathlen on subcas.  I can also imagine use cases where I'd want to set Validity lengths or NameConstraints differently on per sub-ca basis.  

My thought is it would be cool if ipa ca-add supported a --profile-id  in the same way ipa cert-request does.  It would default to some profile you ship similar to caIPAserviceCert.   If I wanted something else I could easily download, edit and upload the custom profile, then tell ca-add to use it.

Version-Release number of selected component (if applicable):
ipa-server-4.6.4-10.el7_6.2.x86_64

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:


Note You need to log in before you can comment on or make changes to this bug.