I'm investigating https://fedorahosted.org/freeipa/ticket/3363 (fix
--http_pkcs12 & friends).
I can't find documentation on these options, and from the code I can't
figure out enough about how they are/were supposed to work.
Is it the case that they were last used/tested before IPA started using
Dogtag, and have rotted since then?
Custom certs don't make sense to use if Dogtag is installed, right? So
when they're provided we should not install the CA and Certmonger?
If that's the case it would be easier (development- and testing-wise) to
just remove self-signed CA in the same set of patches.
Freeipa-devel mailing list