742611 – Make documentation more explicit about the difference between dogtag/self-signed/external CA

Bug 742611 - Make documentation more explicit about the difference between dogtag/self-signed/external CA

Summary: Make documentation more explicit about the difference between dogtag/self-sig...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	doc-Identity_Management_Guide
Sub Component:
Version:	6.1
Hardware:	All
OS:	All
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Deon Ballard
QA Contact:	ecs-bugs
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	747671 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-09-30 18:37 UTC by Benjamin Reed
Modified:	2012-01-06 22:07 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-01-06 22:07:20 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Benjamin Reed 2011-09-30 18:37:44 UTC

The way the documentation is written, it's not clear that you have *3* choices when determining how to set up your CAs, rather than 2.  Not knowing what dogtag was, it was not clear that it was an alternative to a self-signed certificate.  So, I had interpreted this wording:

  For the FreeIPA server itself to work as a CA, it uses a self-signed certificate,
  meaning that it approved and issued its own certificate. This is done by using
  the --selfsign option with the ipa-server-install command.

...to mean that if I'm not using an external certificate from VeriSign or similar, that I would need to instead use the self-sign option, when what I should have done was provided no option at all.

It would be better if the documentation was clearer about CA options, ie:

* 2.3.3.2. Using Different CAs
** Example 1 Using Dogtag for Certificate Management (Recommended)
** Example 2 Using a self-signed certificate
** Example 3 Using a certificate from an External CA

Comment 2 Dmitri Pal 2011-09-30 18:58:15 UTC

I suggest we make the documentation clear about this. I also will open another bug to update man pages.

Comment 3 Deon Ballard 2011-09-30 19:05:03 UTC

The man page bug is bug 742616, for reference.

Comment 4 Deon Ballard 2011-10-20 20:33:11 UTC

*** Bug 747671 has been marked as a duplicate of this bug. ***

Comment 10 Deon Ballard 2011-12-07 20:46:12 UTC

Fixed: 
http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/creating-server.html#install-ca-options

Note You need to log in before you can comment on or make changes to this bug.